problems with https on 4.1



  • 1. Why BOOTPS from the Internet?
    My firewall log keeps showing that svchost.exe (Windows XP Pro) is being called from from the internet. This is a bogus IP address. Port 67 UDP is the Bootstrap Protocol Server designed to boot diskless workstations. The fire wall is blocking servers so this isn't going through, but why would this be happening? Is this a known vunerability? Henry Hub
  • 2. Zone Alarm "No privacy"
    From ZA support recently "Thank you for your inquiry. Please Disable the privacy settings and see if they work correctly on that page. With Windows XP installed we recommend that you disable the privacy settings completely." And when I asked for confirmation "Thank you for your response. These settings are left over from windows 98/ME programs and cause more of a problem with XP then they can be useful. Since the same settings are built into your operating system please leave them disabled. The firewall and other features of ZA are what actually provides you the protection. I apologize for the confusion." Thoughts anyone? I was not amused, ahving spent many a "happy time" trying to access sites. Be nice of them to be a bit clearer about all this.
  • 3. iptables output log
    [1]$ iptables -A OUTPUT -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level 7 --log-prefix "Output: "

Re: problems with https on 4.1

Postby gert5142 » Sat, 12 Jul 2003 19:20:57 GMT

When I add a rule on top af the rulebase that allows both http ans
https and don't set a proxy-setting in the clients it works fine.

The problem is in fact that all clients have a proxy set in their
browser with which they authenticate with the FW with a name and
password and we rather would like to keep that in place.

We don't use a plugin for HTTP security server. So no Websense or Web
sweeper. It's a stand alone FW (management and enforcement module on
the same machine)

Kind Regards,

Return to firewall


Who is online

Users browsing this forum: No registered users and 31 guest