I've been having some serious problems with getting a packet filter
set working on the Micro Router 900i that we have from Compatible Systems.
I have spent quite a bit of time with tech support, but we still can't
figure out the problem.
Someone had set up a filter set long before I was working here. No
gaping holes or anything, but now I want to improve on this set to tighten
things up. The problem I keep running into is basically, no other filter
sets we come up with will work!
I want to allow the people here on the inside to be able to pretty
much do anything outbound. I want to handle it all on the incoming side by
preventing all but the absolute necessities: DNS, SMTP, and replies to
initiated sessions of web access to the outside, ftp, telnet, ping, etc. I
want to specifically deny access to all of the processes running on my
server.
I don't seem to be able to create the deny statements and then do a
permit of all else; or do permit statements of only the things I want coming
in (harder for me to determine), and then deny all else. No matter what I
do to change these filters, I always end up with no access at all outbound
(or at least no replies come back).
Anyone have experience with these routers? Any ideas?
I would greatly appreciate any help that can be given, as I've been
working on this for some time, and Compatible Systems hasn't been able to
come up with an answer.
TIA!
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Disclaimer: Any errors in spelling, tact, or fact are transmission
errors.
Andrea Brenton abrenton @ hurwitz . com