It's quite difficult to scan encrypted traffic, though it could be done ;-).

If you can have the CVP act as an SSL server to the 'outside' client, and then have it 
act as an SSL client to the 'inside' server, you might have it scan (I think?? - never 
tried, but it sounds good).

As for the order, wouldn't you want to put the most used rule before the other? But in 
looking at this, your rules are for outbound, right? Why not combine the two services 
into one rule?

Robert
(p.s. Have you heard when Mike A. will be back online?)

- -
Robert P. MacDonald, Network Engineer
G o r d o n   F o o d    S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]

>>> Mike Glassman - Admin <[EMAIL PROTECTED]> 5/31/00 2:57:58 AM >>>
>
>Regretfully not.
>
>Although the problem is on the FW side and not the CVP. It seems that because
>HTTPS is already secured in some manner (This is what I was told), you
>cannot add it to be scanned.
>
>I am using Esafe 2.1 build 99.
>
>Mike
>
>> -----Original Message-----
>> From:        Valerie Harris [SMTP:[EMAIL PROTECTED]] 
>> Sent:        a iae 31 2000 7:48
>> To:  Mike Glassman - Admin
>> Cc:  'fw-1 listserv'
>> Subject:     Re: [FW1] HTTPS rule
>> 
>> Can your CVP server do HTTPS filtering?
>> 
>> Mike Glassman - Admin wrote:
>> 
>> > All,
>> >
>> > If I want to allow HTTPS/SSL in addition to HTTP... Should the HTTPS
>> > rule be before the HTTP rule or after ?
>> >
>> > At the moment I have it as :
>> >
>> > Proxy-Server    ANY     HTTPS   Accept
>> > Proxy-Server    ANY     HTTP-CVP        Accept
>> >
>> > But for some reason the Proxy server is unable or unwilling to allow
>> > HTTPS.
>> >
>> > Anyone ?
>> >
>> > Mike Glassman
>> > System & Security Admin
>> > Israeli Airports Authority
>> > Ben-Gurion Airport
>> > http://www.ben-gurion-airport.co.il 
>> >
>> > Tel : 972-3-9710785
>> > Fax : 972-3-9710939
>> > Email : [EMAIL PROTECTED] 
>> >
>> > Usage of this email address or any email address at iaa.gov.il for the
>> > purpose of sales pitches, SPAM or any other such unwanted garbage, is
>> > illegal, and any person, whether corporate or alone doing so, will be
>> > prosecuted to the fullest possible extent.
>> >
>> >
>> 
>> —
>> Valerie Harris
>> Senior Systems Engineer
>> I.T. Security Centre
>> National Computer Systems Pte. Ltd.
>> Tel: +65-8705466
>> Fax: +65-7745812
>> Email: [EMAIL PROTECTED] / [EMAIL PROTECTED] 



