[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Proxy server

To: Andrew.Walls@bankwest.com.au
Subject: Re: [FW1] Proxy server
From: Carric Dooley <carric@com2usa.com>
Date: Sun, 3 Oct 1999 20:13:23 -0400 (EDT)
Cc: "'fw-1-mailinglist@lists.us.checkpoint.com'" <fw-1-mailinglist@lists.us.checkpoint.com>



I think he wants to implement a transparent proxy solution.  So he won't
have to reconfigure all of his browsers.  Even if they are configured to
go direct, they go through a proxy... he needs port redirection for this.
I dunno if FW-1 does that.

On Mon, 4 Oct 1999 Andrew.Walls@bankwest.com.au wrote:

> 
> Maybe I'm missing something here...  Why not just set up a rule that no
> HTTP traffic can transit the firewall unless it is to and/or from your
> Proxy server?  If the proxy is in a separate DMZ it makes it pretty easy to
> do.  Set up rules for the trusted LAN that enable users to reach the proxy
> on port 80 (although I recommend 8080 instead) but not the outside world.
> Then set up rules that enable the proxy to talk to the world on whichever
> ports you require for web traffic.
> --------------------------------------------
> Andrew Walls, IT Security Analyst, BankWest
> 40 Frame Ct., Leederville, WA, 6007, Australia
> 61-8-9449-3787, FAX 61-8-9449-3795  Mobile  0419926368
> PGP Fingerprint: E0F7 296E D6D5 6057 1E1D F61B 2602 CB8A
> 
> 
> ---------------------------------------- Message History
>       ----------------------------------------
> 
> 
> From: Carric Dooley <carric@com2usa.com> on 04/10/99 01:20
> 
> To:   MUHAMMED RIYAS KUNHI <riyas@pcwes.gov.ae>
> cc:   "'fw-1-mailinglist@lists.us.checkpoint.com'"
>       <fw-1-mailinglist@lists.us.checkpoint.com> (bcc: Andrew
>       Walls/PRS/SS/BankWest)
> 
> Subject:  Re: [FW1] Proxy server
> 
> 
> 
> 
> 
> The only way I can think of (and I have not gotten to work that well
> personally) would be if FW-1 will let you do port redirection.  i.e., if
> someone attempts to connect to port 80 outbound, they get redirected to
> proxy.domain.com:3128.  I am not sure it can do this.
> 
> Another way to get everyone using the proxy if this doesn't work is to
> export the web browswer proxy settings key from the registry.  Trim the
> export .reg file so it only changes proxy settings, make one .reg file for
> each of the browsers on your network, and then e-mail the .reg patches to
> your users (if you are not using some kind of desktop management suite
> like SMS, Landesk or WinInstall).
> 
> Good luck
> 
> On Mon, 4 Oct 1999, MUHAMMED RIYAS KUNHI wrote:
> 
> >
> >
> > Dear friends,
> >
> > I am using fw1 ver 4.0 with windows NT 4.0 SP 5.0 on Intel platform.
> >
> > Recently I installed proxy server on my network. Does any body knows how
> to
> > divert all the incoming http request to go automatically to my proxy
> server
> > (Even if they did not configure the proxy server with their browser ).
> Any
> > help will be appreciated.
> >
> > Thanks and regards
> > riyas@pcwes.gov.ae
> >
> >
> >
> ===========================================================================
> =====
> >      To unsubscribe from this mailing list, please see the instructions
> at
> >                http://www.checkpoint.com/services/mailing.html
> >
> ===========================================================================
> =====
> >
> 
> 
> 
> ===========================================================================
> =====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ===========================================================================
> =====
> 
> 
> 
> 
> 
> _______________________________________________________________________________
> Unencrypted electronic mail is not secure and may not be authentic.
> If you have any doubts as to the contents please telephone to confirm.
> 
> This electronic transmission is intended only for those to whom it is
> addressed. It may contain information that is confidential, privileged
> or exempt from disclosure by law.  Any claim to privilege is not waived
> or lost by reason of mistaken transmission of this information.
> If you are not the intended recipient you must not distribute or copy this
> transmission and should please notify the sender.  Your costs for doing
> this will be reimbursed by the sender.
> _______________________________________________________________________________
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
> 



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] HELP! Problem configuring LDAP w/ Innosoft Directory Server
Next by Date: [FW1] SecuRemote and NT domain logon - again
Prev by thread: RE: [FW1] HELP! Problem configuring LDAP w/ Innosoft Directory Server
Next by thread: Re: [FW1] Proxy server
Index(es):
- Date
- Thread