Great Circle Associates Firewalls
(February 1998)
 


Subject: Soltice Firewall
From: Warlord <wongfws @ teledata . com . sg>
Organization: Teledata (Singapore) Limited
Date: Thu, 19 Feb 1998 18:20:25 +0800
To: firewalls @ GreatCircle . COM

Hi all

I have a problem installing the Solstice Firewall with the rules.

>     The following is the information for my customer.
>     Basically they are using this Solstice firewall to control
> access to the Intranet and Internet.
>
> Customer-----Firewall------Other Depts----Proxy----Internet
> (10.9.x.x)
> Subnet mask : 255.255.255.0
>
>     For accessing the Intranet, there should be no control. But
> for accessing the Internet, the firewall should authenticate the user and
> access should go through the proxy. Their browser has been configured with
> the proxy pointing to 10.9.2.3 with port 80 (which is the check-point
> firewall) and the firewall http next proxy pointing to the original proxy
> server with port 8080. No proxy for accessing the Intranet has been
> configured on the browser as well.
>
>     The following is the policy that is used by my customer.
>
> No.  Source              Destination  Service                  Action
> 1    Any                 Any          rip, rip-response, dns   accept
> 2    SotLin              Firewall     FireWall1                accept
> 3    Any                 Mail         smtp                     accept
> 4    Mail                Any          smtp                     accept
> 5    Any                 MOF, MOF2    telnet                   accept
> 6    MOF, MOF2           Any          lpd                      accept
> 7    NET10               NET10        Any                      accept
> 8    InternetUser@Any    Any          http                     userauth
> 9    Any                 Any          Any                      drop
>
>     Due to the fact that they have a lot of subnets, I have created
> a NET10 object, which is network 10.0.0.0 with subnet mask 255.0.0.0, for
> the Intranet access. The rest of the rules are working fine, but once I add
> in rules 7 and 8, which are supposed to permit Intranet without control
> and user authentication for Internet access, the whole thing doesn't
> work at all. I cannot access the Internet and it never prompts me for
> authentication at all but just times out; I can't even access the Intranet.
>
> If I were to change rule 7 to be more detailed, which means I define
> all the subnets for the source and destination instead of NET10, it
> works fine. The problem now is that there are a lot of subnets even for
> my customer itself, and the subnet information for other depts
> is unknown.
>
>     Please kindly look into the problem; I would appreciate it if you can
> help me to solve this problem.
>
>     Thank you.
>


begin:          vcard
fn:             Spencer Wong
n:              Wong;Spencer
org:            Teledata (Singapore) Limited
adr;dom:        10 Dundee Road #06-01;;Setron Building;Singapore 149455;;;
email;internet: wongfws @ teledata . com . sg
title:          Sales Engineer
tel;work:       4706-502
tel;fax:        4711-766
x-mozilla-cpt:  ;0
x-mozilla-html: FALSE
version:        2.1
end:            vcard
