Title: RE: [FW1] Rules for internet access
Here is the sample of my rules:
Administrator(group1)------>Internal_net(NEGATE)---->any--------------->accept--->no time restriction.
Project Manager(group2)--->Internal_net(NEGATE)--->Valid_services---->accept-->no time restriction.
Internal_net------------------>Internal_net(NEGATE)---->http_Block_sites (UFP Server(Websense))---->accept---->TIME RESTRICTION (ex.:12:00 to 13:00...lol..lunch break)
Group1: In this you will find the name & IP address of the internal computers. (server, admin workstation for work, BOSS computer :) )
Group2: In this you will find the name & IP address of the internal computers. (project managers who mostly need FTP access to client sites)
Valid_services: FTP, HTTP, HTTPS....that's all!!!
Of course you need to have fixed internal addresses (base 10.x.x.x or 192.x.x.x), no DHCP. But you can manage DHCP to allow a fixed address for a specific machine.
My network is all Win NT.
FW-1 is NT also.
Dessinateur / Draftsman &
Windows NT Administrator
Stephan Dubeau
Dessin Structural B.D. inc.
B.D. Structural Design inc.
1400 Graham-Bell, Bureau/Office 300
Boucherville, Quebec, Canada
J4B 6H5
Tel.: (450) 641-1434
Fax: (450) 449-1772
mailto:[EMAIL PROTECTED] (Affaire/Business)
mailto:[EMAIL PROTECTED] (Amusement/Pleasure)
-----Original Message-----
From: Norman Zhang [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 08, 2000 20:38
To: [EMAIL PROTECTED]
Subject: [FW1] Rules for internet access
Hi,
I have an NT domain hidden under NAT behind my firewall. I would like to set
up a rule to allow certain users internet access. Would someone please
kindly tell me what rules I need to set to enable these users to access
the internet while other users are restricted?
Thanks and regards,
Norman
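
The rule base described in the reply, modelled as a first-match evaluator. This is an added example, not part of the original messages and not Check Point syntax. The addresses, the final implicit drop and the half-open time window are assumptions, and the Websense URL filtering on the third rule is not modelled. It shows why the groups depend on fixed addresses: identity here is only the source IP.

```python
from datetime import time
from ipaddress import ip_address, ip_network

# Constructed sample objects; all addresses are assumptions, not from the thread.
INTERNAL_NET = ip_network("10.0.0.0/8")
GROUP1 = {ip_address("10.0.0.10"), ip_address("10.0.0.11")}  # admin hosts, servers
GROUP2 = {ip_address("10.0.1.20")}                           # project managers
VALID_SERVICES = {"ftp", "http", "https"}
LUNCH = (time(12, 0), time(13, 0))

# (rule name, source test, allowed services or None for "any", time window or None)
# Order matters: the first rule that matches decides.
RULES = [
    ("admin", lambda ip: ip in GROUP1, None, None),
    ("project-manager", lambda ip: ip in GROUP2, VALID_SERVICES, None),
    ("lunch-web", lambda ip: ip in INTERNAL_NET, {"http"}, LUNCH),
]


def evaluate(src, dst, service, at):
    """Return the name of the first accepting rule, or 'drop' if none matches."""
    src, dst = ip_address(src), ip_address(dst)
    # Every rule uses destination Internal_net(NEGATE), so traffic to an
    # internal destination matches none of them.
    if dst in INTERNAL_NET:
        return "drop"
    for name, src_ok, services, window in RULES:
        if not src_ok(src):
            continue
        if services is not None and service not in services:
            continue
        if window is not None and not (window[0] <= at < window[1]):
            continue
        return name
    return "drop"  # assumed implicit default when no rule accepts


if __name__ == "__main__":
    outside = "203.0.113.5"  # documentation-range address standing in for the internet
    print(evaluate("10.0.0.10", outside, "ssh", time(9, 0)))    # admin host, any service
    print(evaluate("10.0.1.20", outside, "ssh", time(9, 0)))    # PM, service not allowed
    print(evaluate("10.0.2.30", outside, "http", time(12, 30)))  # ordinary host at lunch
    print(evaluate("10.0.2.30", outside, "http", time(14, 0)))   # ordinary host after lunch
```

Any machine that ends up holding a Group1 address is treated as an administrator by the first rule, which is why the reply insists on fixed addresses or DHCP reservations.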
