I will try combining the rules and see what happens.

I agree that the most used should be first, and you are right, the rules are
for outgoing only.

Mike

> -----Original Message-----
> From: Robert MacDonald [SMTP:[EMAIL PROTECTED]]
> Sent: a iae 31 2000 13:52
> To:   [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Cc:   [EMAIL PROTECTED]
> Subject:      RE: [FW1] HTTPS rule
> 
> It's quite difficult to scan encrypted traffic, though it could be done
> ;-).
> 
> If you can have the CVP act as an SSL server to the 'outside' client, and
> then have it act as an SSL client to the 'inside' server, you might have it
> scan (I think?? - never tried, but it sounds good.)
> 
> As for the order, wouldn't you want to put the most used rule before the
> other? But in looking at this, your rules are for outbound, right? Why not
> combine the two services into one rule?
> 
> Robert
> (p.s. Have you heard when Mike A. will be back online?)
> 
> - -
> Robert P. MacDonald, Network Engineer
> G o r d o n   F o o d    S e r v i c e
> Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
> 
> >>> Mike Glassman - Admin <[EMAIL PROTECTED]> 5/31/00 2:57:58 AM >>>
> >
> >Regretfully not.
> >
> >Although the problem is on the FW side and not the CVP. It seems that because
> >HTTPS is already secured in some manner (this is what I was told), you
> >cannot add it to be scanned.
> >
> >I am using Esafe 2.1 build 99.
> >
> >Mike
> >
> >> -----Original Message-----
> >> From:      Valerie Harris [SMTP:[EMAIL PROTECTED]] 
> >> Sent:      a iae 31 2000 7:48
> >> To:        Mike Glassman - Admin
> >> Cc:        'fw-1 listserv'
> >> Subject:   Re: [FW1] HTTPS rule
> >> 
> >> Can your CVP server do HTTPS filtering?
> >> 
> >> Mike Glassman - Admin wrote:
> >> 
> >> > All,
> >> >
> >> > If I want to allow HTTPS/SSL in addition to HTTP... Should the HTTPS rule be
> >> > before the HTTP rule or after?
> >> >
> >> > At the moment I have it as :
> >> >
> >> > Proxy-Server    ANY     HTTPS   Accept
> >> > Proxy-Server    ANY     HTTP-CVP        Accept
> >> >
> >> > But for some reason the Proxy server is unable or unwilling to allow HTTPS.
> >> >
> >> > Anyone ?
> >> >
> >> > Mike Glassman
> >> > System & Security Admin
> >> > Israeli Airports Authority
> >> > Ben-Gurion Airport
> >> > http://www.ben-gurion-airport.co.il 
> >> >
> >> > Tel : 972-3-9710785
> >> > Fax : 972-3-9710939
> >> > Email : [EMAIL PROTECTED] 
> >> >
> >> > Usage of this email address or any email address at iaa.gov.il for the
> >> > purpose of sales pitches, SPAM or any other such unwanted garbage, is
> >> > illegal, and any person, whether corporate or alone doing so, will be
> >> > prosecuted to the fullest possible extent.
> >> >
> >> >
> >> 
> >> Valerie Harris
> >> Senior Systems Engineer
> >> I.T. Security Centre
> >> National Computer Systems Pte. Ltd.
> >> Tel: +65-8705466
> >> Fax: +65-7745812
> >> Email: [EMAIL PROTECTED] / [EMAIL PROTECTED] 
> 

