Results 1 to 2 of 2
  1. #1
    Senior Member
    Join Date
    Nov 2001


    i have a watchguard firebox.

    application/octet-stream is not allowed. instead i allow by application ext.


    this leads to a problem when remote servers don't list the mime type in the header in a way the fw can understand.

    to cut it short, im under the understanding that allowing application/octet-stream is openning up a big hole in security.

    can someone explain this to me and set me straight?
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  2. #2
    Senior Member
    Join Date
    Apr 2002
    Actually Ted there is more then one place in Watchguard you have to put what is allowed. What you have stated is over the general line in and out. This means on the web in a browser this type of content is allowed. As a general rule sould pose no problem if you have good users that know what they are asking for. Better place is to look at the email setup because you have to allow this content type there also. Took me some time to figure out but in general the tab you set up is what is pushed to your servers via port 80 http downloads, not arriving stuff on other ports usually 25. PM me I worked with their product almost 3 years and yep they have some really confusing setups. They do also have good support, the W2K email issues was a trip, gotta proxy that connect and tweak the ones that fail.
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts