|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] eSafe v3.0 and/or v2.1 build 101 - a quick look
I'm running at different customer sites using espg 21. build 101 on NT 4.0 SP6. Works well. May you can tell me off-line which problems you want to point out. As Mike already said, Esafe 3 is another story. 'Playing' with Esafe 3.0 it seems that this version acts like a kind of Firewall because you can set some rules how it handles different protocols. I'm not sure what Aladdin tries to accomplish with this version. A complete re-design of the network? Compete with Trendmicros InterScan? BTW: My distributor told me that Aladdin will ship a CVP Version in the second quarter of next year. We will see. sAM -----Original Message----- From: Mike Glassman - Admin [mailto:[email protected]] Sent: Mittwoch, 27. September 2000 07:49 To: 'Chris F'; 'fw-1 listserv' Subject: RE: [FW1] eSafe v3.0 and/or v2.1 build 101 Chris, I have not used Esafe 3 yet, but am looking at it. You have to realise tho, that it works completely differently then Esafe 2 all builds. In Esafe 2, the CVP sits adjacent to the FW, and data is sent via the FW to the Esafe gateway to be scanned and is returned to the FW and from there onwards. So in effect, you could say the FW has 3 legs, 1 to the Internet, one to the CVP, and one to the internal network (in general). Esafe 3 on the other hand, sits between your FW and your internal Net, and does all the scanning of every bit of data that flows to and from the FW, and it is not defined as a CVP. You define what will and will not flow on the Esafe !. To ilistrate : INT | | FW | | Esafe 3 (IP Forwarder) | | Internal Network Since the Esafe 3 is also an IP forwarder, if it goes down.....No Internet at all. As I said, it isn't defined as a CVP, so you don't have any rules on your FW stating to send or not send for checking. The way I understand it to work, is the Esafe stores packets as they enter (or leave) forwarding them onwards to the client, and checks for specific trends, be it virii, activx, java etc, and if it finds something it thinks should not go anywhere, it simply drops the last packet, so the client gets nothing, or if ok, passes the last packet and the client gets what they want. I personally, like the idea, but do not like the fact that it sits before the FW and between the Internal Net and the FW. One thing I forgot to mention, is that it needs two NIC's (obviosly) and two IP adresses on seperate net's so the leg pointing to the Internal Network, and the one pointing to the FW's leg can only talk via the software. This of course adds the additional issue that you need to change routing issues on routers to point to the internal Esafe leg as the def gateway, and if it goes down, go start making all sorts of changes to the routers, clients etc. You get the idea. Hope this helped a bit. Mike > -----Original Message----- > From: Chris F [SMTP:[email protected]] > Sent: ã ñôèîáø 27 2000 4:35 > To: Firewall One List > Subject: [FW1] eSafe v3.0 and/or v2.1 build 101 > > > Hi All, > > Anyone running eSafe v3.0 and/or eSafe v2.1/build 101? > > If so, any issues? In particular, with FTP and SMTP > scanning? > > I am also wondering if they fixed Java/ActiveX > scrubbing. > > I would run it on NT4.0 SP5 and FW-1 v4.1 SP2 > > Thanks Much! -- Chris > > __________________________________________________ > Do You Yahoo!? > Send instant messages & get email alerts with Yahoo! Messenger. > http://im.yahoo.com/ > > > ========================================================================== > ====== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ========================================================================== > ====== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
