Is it me? Mime types and attatchment blocking WMF exploit

[systimax]

Hello, we moved away from Watchguard to Checkpoint for robust features. So im sure its me when I ask is it true that you cant block file extensions or mime types in the http layer on the CP R55 Fw-1 ?

Even our Firebox 1000 could do that for about 8 grand less. All the research leads me to using OPSEC and buying another program using and intergrating that using CVP.

Where just trying to do the best to protect against the WMF exploit with what we have.

thanks

 

[ITsmyfault]

use a URI. It's easy to do this. A similar rule was posted on CP's site in April of '04 btw..

under services, create a new URI
on the GENERAL tab, name the thing.. BAD_HTTP
on the MATCH tab, find the PATH dialog and enter
{*.emf, *.wmf}

check off the http check box too.

& that's it.

Now make a rule with it.
ANY MY NET http (with resource-->BAD HTTP) REJECT

and you're all set.

don't get mad. RTM!

*hardest part is making the rule.. use "add with resource" when selecting the service. Then check http, then use the dropdown below to pick the URI you just created.

hth