Thx a lot for this verry usefull information, now some things have become a little clearer to me.
regards -- http://schmidt.bs-server.com Thorsten Behrens schrieb: > "EdonkeyTCP", in the Advanced Options: Port:1025-65535, Protokoll > Type:"EDONKEY", the 'Match Any' box is unchecked. > > The Problem is, that this rule matches for every connection with port > above 1025, it seems that Checkpoint does not care for the Protokoll > Type. Is this true? What's my mistake? > > The protocol type tells VPN-1 which INSPECT handler to use to do deep > inspection on the traffic - layer-7, data, stuff. For example, the > SQLNET2 INSPECT handler dynamically opens negotiated connections, the > FTP INSPECT handler dynamically opens data connections, the CIFS INSPECT > handlers do some sanity checks and allow NAT for the traffic - you get > the idea. > > Initial matching of the traffic, however, is done up to layer4. Then the > traffic is handed to the INSPECT handler, if one has been specified, and > it does further work on the actual data passing through. That's the way > the product works. > > I'd recommend looking into other ways to get the data you are after. You > want some auditing of traffic based on layer-7 characteristics, which a > firewall is notoriously bad at. IDP devices, on the other hand, are > designed to do just that. Hook up a snort box for laughs and see what > kind of data you can get. > > ********************************************************************** > This email and any files transmitted with it are subject to > the Integralis terms and conditions. Please see > http://www.integralis.com/disclaimer for more details. > ********************************************************************** > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================