 | ||
 Problems with a Edonkey rule | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2006-12-06 | |||
| |||
 Problems with a Edonkey rule Hi I'm using FW1 NGX R61_HFA01. I want to see who in my Network is using Edonkey. Therefore I have created a rule: Source:MyInernalNet, Dest:any, Service: Group"MyEdonkey",Action accept, Track:log The group "MyEdonkey" consist's of two Services, "edonkeyUDP" and "EdonkeyTCP" These services I've created myself. For example the "EdonkeyTCP" (the "EdonkeyUDP" is quite similar. "EdonkeyTCP", in the Advanced Options: Port:1025-65535, Protokoll Type:"EDONKEY", the 'Match Any' box is unchecked. The Problem is, that this rule matches for every connection with port above 1025, it seems that Checkpoint does not care for the Protokoll Type. Is this true? What's my mistake? Thx for help in advance.  |
| 2006-12-14 | |||
| |||
| Re: Problems with a Edonkey rule Dear m You got too many false-positives. Create the following services: TCP / 4661 ---> this is used by the client to login to a edonkey-server TCP / 4662 ---> this is used by the client to connect to other clients UDP / 4665 ---> this is used by the client to send messages to other servers 4662 should match the most.. Edonkey is not really a "protocol" like TCP, IP, ARP, etc.. its more likely a "TCP/UDP-Service" Best wishes, Manuel __________________ To know recursion, you must first know recursion-1 |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
