
Re: [FW1] Basic questions



Rahul,

1. Depends on the version. CP FW1 v4.0 will allow connections
to continue after you install a policy (except for VPN-type
connections, which would have to be re-established).

The default in v4.1sp2 is to disallow them. This can be
changed, see phoneboy.com for info. If I've interpreted
your question properly, you're most likely running v4.1sp2.

When you should install a new policy is based upon your
site and the company's policies. If, for example, you have
a large site with many rules and you install a new rulebase that
by accident cuts off access for important processes or allows
all sorts of stuff in, could you afford the time it would take to install
a corrected rulebase? How would you look in the eyes of those
who've trusted you to run a smooth operation?

2. The system has logic built in to support known services. In
your case, you would have to enhance the system to account for
the outbound traffic on one port and the return traffic on the other
port. IOW, you would need to define the services needed and the
rules to support these services.

HTH,
Robert

--
Robert P. MacDonald, Network Engineer
Team Lead, e-Business Infrastructure
G o r d o n   F o o d    S e r v i c e
Voice:email: [email protected]

>>> Rahul Parasnis <[email protected]> 12/15/00 4:57:29 AM >>>
>Hello All, 
>I am new to this field; there are some doubts which I have in mind. I will be
>obliged
>if anybody can explain about it.
>1. Whenever I install Security Policy, do all active connections get lost?
>    Is it advisable to install policy during peak hours?
>2. If there is one port which has to be opened to go outside Firewall, normally
>another port also establishes
>its connection with the source Machine.
>if you see netstat 
>
>tcp        0      0  202.35.82.118.51357    202.35.85.65.8144       SYN_SENT
>
>this 8144 port is opened but it gets dropped by the last rule.
>As I understand it, for telnet you have to open only port 23, not the other port.
>
>Is there anything I am missing Here ? 
>
>Thanks 
>- Rahul 
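Both points in the reply, modelled in code as an added illustration (this is not Check Point's code and not from the original post): a toy stateful filter with a first-match rule base ending in a cleanup rule, a connection table that lets return traffic through without its own rule, and a policy install that either flushes that table (the v4.1sp2 default the reply describes) or keeps it. The `keep_connections` flag, the rule names and the sample rule bases are this script's own; the netstat text is constructed around the SYN_SENT line quoted in the question, with a telnet line added. The second connection to port 8144 is a new outbound connection, not return traffic of the telnet session, so it needs a service and rule of its own.

```python
"""Toy model of a stateful packet filter: a rule base ending in a cleanup
rule, a connection table, and a policy install that may or may not flush
that table.  Added illustration only; not Check Point code, and the
keep_connections flag is this script's own name, not a FW-1 setting."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True only for the first packet of a new TCP connection


@dataclass(frozen=True)
class Rule:
    name: str
    dport: Optional[int]  # destination port of the service; None matches any
    action: str           # "accept" or "drop"


# Constructed rule bases: the questioner's (telnet only plus cleanup) and one
# with a service defined for the second port seen in netstat.
TELNET_ONLY = [Rule("telnet-out", 23, "accept"), Rule("cleanup", None, "drop")]
WITH_8144 = [Rule("telnet-out", 23, "accept"),
             Rule("app-8144-out", 8144, "accept"),
             Rule("cleanup", None, "drop")]


@dataclass
class Firewall:
    rules: list
    conns: set = field(default_factory=set)  # accepted connections, as 4-tuples

    def lookup(self, dport):
        """First-match walk of the rule base; the last rule is the cleanup rule."""
        for r in self.rules:
            if r.dport is None or r.dport == dport:
                return r
        return Rule("cleanup", None, "drop")  # implicit drop if no cleanup rule

    def filter(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.conns or rev in self.conns:
            return ("accept", "state table")  # return traffic needs no rule
        if not pkt.syn:
            return ("drop", "out of state")   # mid-stream packet with no entry
        rule = self.lookup(pkt.dport)
        if rule.action == "accept":
            self.conns.add(fwd)
        return (rule.action, rule.name)

    def install_policy(self, rules, keep_connections=False):
        self.rules = list(rules)
        if not keep_connections:
            self.conns.clear()  # existing sessions must be re-established


def parse_netstat(text):
    """Return (remote_port, state) pairs from BSD/Solaris style netstat lines."""
    out = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0] == "tcp":
            out.append((int(f[4].rsplit(".", 1)[1]), f[5]))
    return out


def undefined_services(rules, netstat_text):
    """Remote ports in netstat that only the cleanup rule would match."""
    fw = Firewall(rules)
    return sorted({port for port, _state in parse_netstat(netstat_text)
                   if fw.lookup(port).name == "cleanup"})


# Constructed netstat output modelled on the line quoted in the question.
NETSTAT = """\
tcp        0      0  202.35.82.118.51356    202.35.85.65.23         ESTABLISHED
tcp        0      0  202.35.82.118.51357    202.35.85.65.8144       SYN_SENT
"""


def scenario():
    fw = Firewall(TELNET_ONLY)
    client, server = "202.35.82.118", "202.35.85.65"
    r = {}
    r["telnet_syn"] = fw.filter(Packet(client, 51356, server, 23, syn=True))
    r["telnet_reply"] = fw.filter(Packet(server, 23, client, 51356))
    r["port8144_syn"] = fw.filter(Packet(client, 51357, server, 8144, syn=True))
    fw.install_policy(TELNET_ONLY)                          # default: table flushed
    r["telnet_after_flush"] = fw.filter(Packet(server, 23, client, 51356))
    fw.filter(Packet(client, 51356, server, 23, syn=True))  # user reconnects
    fw.install_policy(WITH_8144, keep_connections=True)     # changed default
    r["telnet_after_keep"] = fw.filter(Packet(server, 23, client, 51356))
    r["port8144_with_rule"] = fw.filter(Packet(client, 51357, server, 8144, syn=True))
    r["missing_before"] = undefined_services(TELNET_ONLY, NETSTAT)
    r["missing_after"] = undefined_services(WITH_8144, NETSTAT)
    return r


if __name__ == "__main__":
    for k, v in scenario().items():
        print(f"{k:22} {v}")
```

Running `scenario()` shows the telnet reply accepted from the state table without a rule, the 8144 SYN hitting the cleanup rule, the telnet session dropped as out of state after a policy install that flushes the table, and surviving an install that keeps it; `undefined_services` is the check to run over a real netstat before opening anything: it lists the remote ports for which no service has been defined.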




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================