Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Spoof Tracking

To: "Marius .R. Banica" <[email protected]>
Subject: Re: [FW1] Spoof Tracking
From: CryptoTech <[email protected]>
Date: Wed, 06 Dec 2000 21:02:33 -0500
Cc: "Thornton, Richard" <[email protected]>, "Firewall-1 Mailing List (E-mail)" <[email protected]>, "Fw1-Wizards (E-mail)" <[email protected]>
References: <3921657A375FD411BCED00508B5ECA018F064D@wizzle.isd.csa.scot.nhs.uk> <001901c05f9d$ef4f4df0$1901010a@xtazy>
Sender: [email protected]

If you are using nat, then the config gets a little more complex.  You will have to
make a note of which ip addresses are static inbound natted and add them to a group
with the internal networks (or dmz objects depending on the dest), and classify them
as specific.  You will have to add a rule for STATIC outbound and put the
corresponding internal interface addresses in a group and set the external as
others+<groupname>.

CryptoTech

"Marius .R. Banica" wrote:

> hi there, simple
>
> internal network - this net - spoof track log
> dmz - build a group with ure networks and hosts there put it under
> specific - spoof track log
> External if - others - spoof track log.
>
> Thats if ure paranoid like myself.. :-)
> ----- Original Message -----
> From: "Thornton, Richard" <[email protected]>
> To: "Firewall-1 Mailing List (E-mail)"
> <[email protected]>; "Fw1-Wizards (E-mail)"
> <[email protected]>
> Sent: Wednesday, December 06, 2000 4:26 PM
> Subject: [FW1] Spoof Tracking
>
> >
> > Hi All
> >
> > Quick Question
> >
> > I have a simple firewall configuration
> >
> > 1 firewall with 3 interfaces
> >
> >
> >   Internet
> > |
> > |
> >     Firewall--DMZ
> > |
> > |
> >   Localnet
> >
> > Assume the Internet IF is valid addresses "Any"
> > Assume the DMZ IF is valid addresses "This Net"
> > Assume the Localnet IF is valid addresses "This Net"
> >
> > Question which? if any? interfaces should I turn spoof tracking to log or
> > alert, and why?
> >
> > Many Thanks in advance.
> >
> > Richard
> >
> >
> > _________________________________________________________________
> > Common Services Agency Disclaimer
> >
> > The information contained in this message may be confidential
> > or legally privileged and is intended for the addressee only.
> > If you have received this message in error or there are any
> > problems please notify the originator immediately.
> > The unauthorised use, disclosure, copying or alteration of this
> > message is strictly forbidden.
> > _________________________________________________________________
> >
> >
> >
> >
> ============================================================================
> ====
> >      To unsubscribe from this mailing list, please see the instructions at
> >                http://www.checkpoint.com/services/mailing.html
> >
> ============================================================================
> ====
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] Spoof Tracking
  - From: "Thornton, Richard" <[email protected]>
- Re: [FW1] Spoof Tracking
  - From: "Marius .R. Banica" <[email protected]>

Prev by Date: Re: [FW1] Secure Remote issue
Next by Date: Re: [FW1] WatchGuard and IP440
Previous by thread: Re: [FW1] Spoof Tracking
Next by thread: [FW1] FW1 and Marconi ESX
Index(es):
- Date
- Thread