[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Blocking Internet Access for specific IPs

To: "Firewall-1 Mailing List (E-mail)" <fw-1-mailinglist@lists.us.checkpoint.com>
Subject: RE: [FW1] Blocking Internet Access for specific IPs
From: Chris Danyo <CDANYO@telemate.com>
Date: Wed, 1 Sep 1999 14:17:16 -0400
Cc: Tim Bradford <BRADFORD@telemate.com>


    [ Part 1, Text/PLAIN (charset: ISO-8859-1 "Latin 1")  76 lines. ]
    [ Unable to print this part. ]

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set. Some ]
    [ characters may be displayed incorrectly. ]


Has anyone heard of LOG-ON DATA? X-STOP SOLUTIONS???

-----Original Message-----
From: Michael Sleeper [mailto:Sleeper@co.richmond.ga.us]
Sent: Wednesday, September 01, 1999 2:03 PM
To: 'Netadmin'; Firewall-1 Mailing List (E-mail)
Subject: RE: [FW1] Blocking Internet Access for specific IPs



Are there only a few that you want to restrict?  Or are there only a few
you want to give outside access to?

You might try creating a network object entailing your 'Local_Network'.
I would then suggest creating a 'Priviledged' group of network objects
entailing those IP's that are allowed to go outside your
'Local_Network'.

You may also wish to consider what 'Allowed_Services' (HTTP, FTP, IRC,
etc..) you want to allow your privilidged group to use.

Two rules to accomplish your objective might be done as follows:

Rule    Source  ->Dest.         ->Services                      ->Action


a)      Priviledged     ->Any                   ->'Allowed_Services'
->allowed      

b)      Any             ->NOT('Local_Network')->Any
->Reject


This would prevent the non-priviledged users from doing any
'Allowed_services' outside your network.


-----Original Message-----
From: Netadmin [mailto:snfettig.netadmin@hillsdale.edu]
Sent: Wednesday, September 01, 1999 9:21 AM
To: Firewall-1 Mailing List (E-mail)
Subject: [FW1] Blocking Internet Access for specific IPs



     I am definitely new to the Firewall game and am realizing this as
the
days go by.  I want to configure the firewall to block all Internet
access
for specific IPs within my domain.  For example, IP x.x.x.22 should be
allowed to converse/work within our four class C domains but not go out
to
the internet (or outside of the firewall) for anything.  I.E. all
traffic
from these specific IPs to outside the intranet should be blocked.  How
would I create a specific rule for that in FW-1 ver. 3.0a?
     Any help would be much appreciated.

SNF


========================================================================
========
     To unsubscribe from this mailing list, please see the instructions
at
               http://www.checkpoint.com/services/mailing.html
========================================================================
========


===============================================================================

     To unsubscribe from this mailing list, please see the instructions
at
               http://www.checkpoint.com/services/mailing.html
===============================================================================

Prev by Date: RE: [FW1] Blocking Internet Access for specific IPs
Next by Date: [FW1] FW-1 4.0 GUI Clien
Prev by thread: RE: [FW1] Blocking Internet Access for specific IPs
Next by thread: RE: [FW1] Blocking Internet Access for specific IPs
Index(es):
- Date
- Thread