CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. Come to CPUG CON 2008 EUROPE in Switzerland on September 8th - 9th!
    Two days full of technical content for Check Point administrators in the beautiful Swiss Alps!
    We already have sign-ups from twelve different countries!
2. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 7/14, 8/25, 10/6, 11/3, 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3, 9/7.
3. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
4. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Content Security/Security Servers/CVP/UFP
Reload this Page URI resource rules not working and tearing my hair out
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2006-02-20
philofish philofish is offline
Member
  
Join Date: 2006-01-07
Posts: 32
Rep Power: 0
philofish has an average reputation (10+)
Default URI resource rules not working and tearing my hair out
PLEASE PLEASE PLEASE PLEASE HELP ME ON THIS ISSUE - This IS NG/AI R55
I have the following rules in place
noting else
Rule SRC DST SRV ACTION
1. Internal_net ANY HTTP Resource Reject
2. Internal_net ANY HTTP Accept
3. ANY ANY ANY Drop

I have tried a URI resource using both wildcards and file types - now moving onto UFP

I cannot get any of them to work in the above scenario
I have configured the file type method as follows
www.amazon.co.uk<tab><tab>1<RTN>
etc etc

I have configured the Wildcard as simple as this
on the match tab i have EVERYTHING selected
& host, path and query as default[*]
on the action tab i have a replacement URL - i have even tried the weeding options and nothing works - it only works when i allow rule 1
I have DNS installed on the firewall and its a windows 2003 server [i know but its a lab]
What am i missing? it just wont plain work! :(
Much Thanks for any info !
Last edited by philofish; 2006-02-20 at 08:13. Reason: more info
Reply With Quote
  #2 (permalink)  
Old 2006-02-27
stuartgreen stuartgreen is offline
Member
  
Join Date: 2005-09-15
Posts: 65
Rep Power: 3
stuartgreen has an average reputation (10+)
Default Re: URI resource rules not working and tearing my hair out
bear in mind that firewall-1 is a firewall, any other bells and whistles should be seen as a bonus. if you need full content filtering you should consider something dedicated for this (bluecoat, clearswift etc..)

i've played about with URI's quite a bit and the only way i've got it to work was with simple urls specified using a file. there's a thread here somewhere about what needs to be in the file to make it work. (but don't get your hopes up, its pretty basic and unless you specifiy a custom 'access denied' screen it's pretty ugly too :P)
Reply With Quote
  #3 (permalink)  
Old 2006-02-27
Sergej Sergej is offline
Senior Member
  
Join Date: 2005-11-21
Location: Europe, Lithuania
Posts: 291
Rep Power: 3
Sergej has an average reputation (10+)
Default Re: URI resource rules not working and tearing my hair out
Find out checkpoint courseware and configure case from the hands on tasks. This is definitely working. Do you see detail URL's in the log?
The hand on must be just before this chapter (if I'm not wrong).
http://www.checkpoint.com/services/e...ngx_sample.pdf
Reply With Quote
  #4 (permalink)  
Old 2006-03-01
Lackie Lackie is offline
Senior Member
  
Join Date: 2005-08-22
Location: Ottawa, Canada
Posts: 347
Rep Power: 3
Lackie has an average reputation (10+)
Default Re: URI resource rules not working and tearing my hair out
It may be helpful if you explain what is happening. You mention that it doesn't work but you don't go into specifics. 'Not working' is pretty vague and to help you out with this we will need what is happening when it isn't working.
Reply With Quote
  #5 (permalink)  
Old 2006-03-10
Davek Davek is offline
Junior Member
  
Join Date: 2006-03-10
Posts: 8
Rep Power: 0
Davek has an average reputation (10+)
Default Re: URI resource rules not working and tearing my hair out
Just started Playing with this myself and found the same symptom.Looks like in my case that the objects that are applied to this rule Bypass the hide nat but haven't figured out why yet
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 21:08.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0