Allow/Deny websites

Status
Not open for further replies.

vasilec

MIS
Jul 14, 2005
10
0
0
US
I am a programmer, not too familiar with firewalls, and I've just got a new assignment. Our firewall: Firebox X1000. The WatchGuard is blocking users from going to certain web sites; the thing is that it is blocking other web sites too. I have to add the IP addresses for these valid web sites to an 'allowed list' (HTTP-Bypass). This solution doesn't work for us. For example, when doing the updates for Windows, they change their IPs all the time, so we have to add on, and on, and on... I even got a message saying: 'A filter rule for HTTP-Bypass has reached the maximum # of entries allowed. The entries will be truncated'. Is there any way to allow an entire web site? Like Microsoft with all their IPs...?
Thank you, and I hope I will get some answers.
 
What's the software version that is running on the Firebox? Is it FireWare Pro? If not, then in order to allow Microsoft Updates, follow the steps mentioned below:

For Proxied-HTTP or HTTP proxy you will need to complete the following steps:

Click on the Properties Tab then click Settings. On this page uncheck the following:

1) Remove Client Connection Info

2) Remove Unknown Headers

3) and Remove Require Content Type

Now on the Content Type tab, the content types/MIME types that are needed are:

1) application/octet-stream

2) application/x-javascript

3) application/x-msdownload

4) multipart/byteranges

Regarding the other issue of IPs getting blocked... can you tell me how you have configured the services, and also what logs you get in the traffic monitor when this happens?
 
The Fireware Pro might have the Webblocking service running with the HTTP-Proxy service. That might explain certain sites being blocked outright.
 
It has the Webblocking installed and certain websites are blocked. But it is just crazy to unblock IP addresses like every other few days for Microsoft.
 
I think your next step might be to set up a Microsoft WSUS server for the domain and create a new HTTP-Filter (not HTTP-Proxy) and have only the WSUS server's IP to ANY. This way WebBlocker and the HTTP-Proxy will leave the updates alone, and you save internet bandwidth by having only a single device pull updates internally through the filter. The WSUS will then hand out all updates across the LAN.

OUTGOING From <your wsus ip here> To Any
 