>>> "Christopher J. Wargaski" 23/01/2008 04:28 >>>
>Hey Ian--
>
> The source TCP port will be (nearly) random, but your workstations
>will be configured to proxy to Surf Control at TCP port 8081. You
>first want to permit that traffic, then explicitly deny HTTP access
>elsewhere. Finally, allow the rest of your stuff.


That was exactly what I needed, once I'd put in an extra "deny" for SSL traffic. Many thanks!

Ta,
IR.

*********************************
Ian Rarity
Technical Engineer
ESPC (UK) Ltd.
T: (44)131 624 8000
F: (44)131 624 8509
http://www.espc.com ( http://www.espc.com/ )



************************************************** *****************
Private and Confidential: This e-mail transmission is strictly
confidential and intended solely for the addressee. It may contain
privileged and confidential information and if you are not the
intended recipient, you must not copy, disclose, distribute or
take any action in reliance on it. If you have received this
e-mail in error, please delete it and notify our E-mail Systems
Administrator on +44 (0) 131 624 8000. ESPC (UK) Ltd does not
accept any liability for any harm that may be caused to the
recipient's system or data by this message or any attachment.

ESPC (UK) Ltd is a company registered under the Companies
Acts in Scotland (Registered Number SC203535), and having its
registered office at 90A George Street, Edinburgh, Midlothian
EH2 3DF.

ESPC (UK) Limited is authorised and regulated by the Financial
Services Authority.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards