
Re: [FW1] Some basic questions



First of all, good answers Robert.

1.  Average rules 30-960.  After that you reach a soft limit because of the binary
significance of 1024.  (so 1024 max rules)
        Robert is right - most active at top

2. 4.0 to 4.1 is relatively easy.  4.1 will see that there is a previous config and
will ask you if you want backward compatibility.  This will be important if you will
1) have any remaining 4.0 firewalls, and 2) if you are doing this in a staged
approach - multiple firewalls and doing the install over multiple days.
    You will be given the option to preserve directories for backout.

3.  For per user based access, you can do it 1 of 2 ways.  Create a global group,
with generic* and then add specific users to that group.  You will have to specify
user access within the user details page for what source destination.  However, since
you will not have control over services that way, I suggest you follow Robert's
solution and just create groups for varying levels/needs for access.

CT

"Nijs, Daniel" wrote:

> Hi all,
>
> I have gone through most FAQ's, phoneboy's site, some other mailing lists,
> and would like your input on these questions:
>
> 1)  What is the average number of rules, and how much does FW-1 really
> support.  I have seen posts where checkpoint techs say that 25 rules is way
> too much, posts that say that average installation is about 10 rules / fw
> installation.  I have quite a few rules in my policy, and would like to know
> how far I can go.  (I am running version 4.0 on Solaris)
>
> 2)  I want to upgrade from version 4.0 to 4.1.  Which are some important
> steps I should take (except for the obvious such as backing up) before
> upgrading, and what other suggestions do you have to do this as smoothly as
> possible?
>
> 3)  I am planning on moving away from static ip's and use the session agent
> + user accounts (using radius so we can use our NT domain accounts).  Is
> there any way I can add a user@host instead of group@host, or do I have to
> create a group every time I wish to create a new rule for a user (special
> cases need their own rule).  What is your experience with the session agent?
>
> That's it for now, thanks in advance for your time.
>
> Best regards,
>
> Daniel
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>               http://www.checkpoint.com/services/mailing.html
> ================================================================================






 
   All contents © 2004 Network Presence, LLC. All rights reserved.