
[FW1] strange behaviour with http scanning and CVP (esafe)




Hello all,

I'm using fw1 4.1 OS Solaris 7 with esafe protect gateway as CVP Server
and internal MS proxy 2.0 server.

This is a part of my rule base:

A:    Proxy    ANY    HTTP-->HTTP_Scan    accept   (scanned by esafe)
B:    Proxy    ANY    all_allowed_services     accept

The group "all_allowed_services" contains protocols in use which can't be
scanned by the CVP Server. Of course it doesn't contain the scannable
protocols (http, smtp, ftp).

I noticed drops of http traffic in the log by the clean up rule. I wondered
why and added a rule C behind rule B:

C:    Proxy    ANY    HTTP                            drop

Now the log contains an amount of http drops in rule C.

Obviously the users aren't affected by these drops (nobody complained).

Any ideas why not all http traffic will match rule A?

André