allow dynamic url/domain

Hi Gurus,

I have problem on allowing domain through checkpoint.
I want to allow user to www.yahoo.com and allow smart center
server to
automcatically update smart defense.

Can someone help me to build the rules, because yahoo.com
and smartdefense
IP address is dynamically change.

Thanks

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

Try to use rules with domain objects: Network
Objects-->new...-->Others-->Domain


Juniman Kasman wrote:
> Hi Gurus,
> 
> I have problem on allowing domain through checkpoint.
> I want to allow user to www.yahoo.com and allow smart
center server to
> automcatically update smart defense.
> 
> Can someone help me to build the rules, because
yahoo.com and smartdefense
> IP address is dynamically change.
> 
> Thanks
> 
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERVamadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http:
//www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-ownerts.checkpoint.com
> =================================================
> 

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

hi,

I can't recommend working with domain-names because the fw
is 
required to do dns-lookups for every IP then - and this
makes it slow.

for http you can work with ressources - but this only works
for http.

so if you need to setup filters based on names the better
solution is 
to use a proxy or something like that. for example aladdin
esafe is a 
fine solution for http, ftp 

cheers
reinhard

At 06:10 23.02.2006, you wrote:
>Hi Gurus,
>
>I have problem on allowing domain through checkpoint.
>I want to allow user to www.yahoo.com and allow smart
center server to
>automcatically update smart defense.
>
>Can someone help me to build the rules, because
yahoo.com and smartdefense
>IP address is dynamically change.
>
>Thanks
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to LISTSERVamadeus.us.checkpoint.com
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http:
//www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>fw-1-ownerts.checkpoint.com
>=================================================

-- 
Reinhard Stich  ASSIST  R.Stichinternet-security.at
Internet Security AG,      1150 Wien, Johnstrasse 29
Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333 

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

Reinhard Stich wrote:
> hi,
> 
> I can't recommend working with domain-names because
the fw is required
> to do dns-lookups for every IP then - and this makes it
slow.
> 
> for http you can work with ressources - but this only
works for http.

Doesn't http_resoucers do dns-lookups? what's the
diference? caches?
> 
> so if you need to setup filters based on names the
better solution is to
> use a proxy or something like that. for example aladdin
esafe is a fine
> solution for http, ftp 
> 
> cheers
> reinhard
> 
> At 06:10 23.02.2006, you wrote:
> 
>> Hi Gurus,
>>
>> I have problem on allowing domain through
checkpoint.
>> I want to allow user to www.yahoo.com and allow
smart center server to
>> automcatically update smart defense.
>>
>> Can someone help me to build the rules, because
yahoo.com and
>> smartdefense
>> IP address is dynamically change.
>>
>> Thanks
>>
>> =================================================
>> To set vacation, Out-Of-Office, or away messages,
>> send an email to LISTSERVamadeus.us.checkpoint.com
>> in the BODY of the email add:
>> set fw-1-mailinglist nomail
>> =================================================
>> To unsubscribe from this mailing list,
>> please see the instructions at
>> http:
//www.checkpoint.com/services/mailing.html
>> =================================================
>> If you have any questions on how to change your
>> subscription options, email
>> fw-1-ownerts.checkpoint.com
>> =================================================
> 
> 

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

hi,

At 10:01 23.02.2006, you wrote:
>Reinhard Stich wrote:
> > hi,
> >
> > I can't recommend working with domain-names
because the fw is required
> > to do dns-lookups for every IP then - and this
makes it slow.
> >
> > for http you can work with ressources - but this
only works for http.
>
>Doesn't http_resoucers do dns-lookups? what's the
diference? caches?

ressource looks at HTTP-headers, domain-object in the
rulebase looks 
into the IP-header over *every* packet, that's a little bit
more to 
do for the firewall 

my solution for that is to have a nslookup-script, that
informs me 
about IP-changes for some sites and I update the
firewall-config then ...
this is ok for 1 or 2 domains, that's nightmare if you have
more 
domains/URLs to monitor. then it's time to invest into a
spezialized 
product 

cheers
reinhard

-- 
Reinhard Stich  ASSIST  R.Stichinternet-security.at
Internet Security AG,      1150 Wien, Johnstrasse 29
Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333 

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

Hi All,

If I have checkpoint connect directly to the internet
routers or proxy
server, and smartcenter behind checkpoint; what's the
policy/rules needed to
allow smardefense update?

Can u help me to construct the rules?

Thanks

On 2/23/06, Reinhard Stich <r.stichinternet-security.at>
wrote:
>
> hi,
>
> At 10:01 23.02.2006, you wrote:
> >Reinhard Stich wrote:
> > > hi,
> > >
> > > I can't recommend working with domain-names
because the fw is required
> > > to do dns-lookups for every IP then - and
this makes it slow.
> > >
> > > for http you can work with ressources - but
this only works for http.
> >
> >Doesn't http_resoucers do dns-lookups? what's the
diference? caches?
>
> ressource looks at HTTP-headers, domain-object in the
rulebase looks
> into the IP-header over *every* packet, that's a
little bit more to
> do for the firewall 
>
> my solution for that is to have a nslookup-script, that
informs me
> about IP-changes for some sites and I update the
firewall-config then ...
> this is ok for 1 or 2 domains, that's nightmare if you
have more
> domains/URLs to monitor. then it's time to invest into
a spezialized
> product 
>
> cheers
> reinhard
>
> --
> Reinhard Stich  ASSIST  R.Stichinternet-security.at
> Internet Security AG,      1150 Wien, Johnstrasse 29
> Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERVamadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http:
//www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-ownerts.checkpoint.com
> =================================================
>



--
Juniman Kasman
Security Consultant

PT Packet Systems Indonesia
(a member of DMX Technologies)
Phone   : +62 21 577 0777
Fax       : +62 21 577 0222
Mobile  : +62 816 965689
Email    : juniman.kasmanpacket-systems.com

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================