Printable View
i have a watchguard firebox.
application/octet-stream is not allowed. instead i allow by application ext.
application/rar
application/zip
etc
this leads to a problem when remote servers don't list the mime type in the header in a way the fw can understand.
to cut it short, im under the understanding that allowing application/octet-stream is openning up a big hole in security.
can someone explain this to me and set me straight?
Actually Ted there is more then one place in Watchguard you have to put what is allowed. What you have stated is over the general line in and out. This means on the web in a browser this type of content is allowed. As a general rule sould pose no problem if you have good users that know what they are asking for. Better place is to look at the email setup because you have to allow this content type there also. Took me some time to figure out but in general the tab you set up is what is pushed to your servers via port 80 http downloads, not arriving stuff on other ports usually 25. PM me I worked with their product almost 3 years and yep they have some really confusing setups. They do also have good support, the W2K email issues was a trip, gotta proxy that connect and tweak the ones that fail.