SETTING UP THE NG FIREWALL-1 SECURITY SERVERS

GENERAL NOTES

These notes cover proxying to the firewall security server by setting the internal interface of the firewall as the proxy in a web browser.

If you are proxying from the browser to the firewall using port 80, use the pre-defined http service. If you intend to use a different port, you will have to create a service for it and set the protocol type to "http" in the service's advanced properties.

Create a new "resource" of type "URI":

general tab:
connection method set to "proxy"
URI match set to "wild cards"

match tab:
scheme set to "http"
method set to "get"
host* set to *:*{80,8000,8080}
path set to *
query set to *

* The numbers in the {braces} are the ports that you wish your security server to allow. If you don't allow them here you will receive "content security - access denied" in the log viewer.

Remember that this example proxies on port 80 from the browser to the firewall, so when you "add with resource" to the rule you add http in this case.

The settings above are simply to get you going. You could make the resource match less general if you wanted to match something more specific.
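An added example, not part of the original notes or of Check Point's code: a small Python model of the host pattern above, for checking which destinations a candidate pattern would let through before you install it. It assumes shell-style semantics ("*" matches any string, "{a,b}" is a list of alternatives) and that the field is compared as host:port; under that assumption the "*" before the brace list also admits ports that merely end in a listed value. STRICT_PATTERN and the sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit


def wildcard_to_regex(pattern: str) -> "re.Pattern[str]":
    """Translate '*' and '{a,b,c}' into an anchored regex (assumed semantics)."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "*":
            out.append(".*")
        elif ch == "{":
            end = pattern.index("}", i)
            alternatives = pattern[i + 1:end].split(",")
            out.append("(?:" + "|".join(re.escape(a) for a in alternatives) + ")")
            i = end
        else:
            out.append(re.escape(ch))
        i += 1
    return re.compile("".join(out) + r"\Z")


def host_field(url: str) -> str:
    """Return 'host:port' for a URL, filling in the default http port 80."""
    parts = urlsplit(url)
    return f"{parts.hostname}:{parts.port or 80}"


def allowed(url: str, host_pattern: str) -> bool:
    """True if the URL's host:port matches the resource's host pattern."""
    return wildcard_to_regex(host_pattern).match(host_field(url)) is not None


PAGE_PATTERN = "*:*{80,8000,8080}"    # host pattern from the match tab above
STRICT_PATTERN = "*:{80,8000,8080}"   # constructed: no wildcard before the ports

SAMPLE_URLS = [                        # constructed test destinations
    "http://www.example.com/",
    "http://www.example.com:8080/index.html",
    "http://www.example.com:1080/",
    "http://www.example.com:8443/",
]


def report(host_pattern: str) -> dict:
    """Map each sample URL to whether the pattern would allow it."""
    return {url: allowed(url, host_pattern) for url in SAMPLE_URLS}


if __name__ == "__main__":
    for name, pat in (("page", PAGE_PATTERN), ("strict", STRICT_PATTERN)):
        print(name, pat, report(pat))
```

Compare the output with what the log viewer shows for the same destinations; a mismatch means the model's assumptions do not hold for your version.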

If you want to use a port other than 80, you must edit $FWDIR/conf/fwauthd.conf and copy the line:

80    fwssd    in.ahttpd    wait    0
to read:
<your new port>    80    fwssd    in.ahttpd    wait    0

 

transparent mode

Use this mode when the firewall is the default gateway for the network but isn't used directly as a proxy server.

tunneling mode

Used for https and "connect" mode. Haven't really looked into that yet, but it seems more like an emerging protocol. https can be used by proxy mode.


12TH NOV 2002 JIM PARKER
