I want to filter out real audio/video that is tunneled inside of HTTP. Turning off RTSP isn't enough. The new players can run the streams through HTTP now. Phoneboy's site says I can do it with a wildcard URI resource. See this link --> http://www.phoneboy.com/fw1/faq/0285.html I've tried it and it ain't workin. Reading the checkpoint manuals it seems that to get the HTTP security server to process the URI resource I've got to specify User Auth in the action field. I quote from page 494 in the v4.1 admin guide "The HTTP security server is invoked when a rules action specifies User Authentication". I don't want to do that. My users are not doing this now and it would be a major pain to do. Have I totaly misunderstood the manuals? They do mention transparent authentication but it doesn't seem to be working in my case. Our setup is User's Browser ---> MS Proxy Servers --> Default Gateway --> Firewall. Our browsers all have a proxy server configured and it points to any number of MS Proxy servers. The proxy servers are not part of a proxy array configuration, they are configured for a direct connection to the internet. Our routers forward all unknown IP destinations through the firewall. I haven't specfied any settings in the firewall policy properties page regarding HTTP security servers. We do use Websense for site categorization and filtering and that's working fine. I just assumed this wildcard URI would work just as seemlessly. ---------------------------------------------------------------------------------------- Greg Winkler Systems Manager, IT&S Huntsman Corporation Internet Mail: [EMAIL PROTECTED] Voice: (713) 235-6018 Fax: (713) 235-6890 ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
