NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] why not a bridge?



First, I had tonnes of people let me know that lucents fw always works(or
can work?) as a bridge.

Second,  I don't imagine it would be too hard to write bridging software
that actually does inspect the TCP/IP stack.  I mean if you take a closer
look at how checkpoint says they examine packets, they do it
already.  Checkpoint software itself does not route packets.  I
wonder... If I installed bridging software on my linux box, would
checkpoint still work?  I think I might try that... 

anyone think of a reason why it wouldn't work?  anyone think of a reason
why I wouldn't want to do this?

What do you think?
--Paul


On Fri, 26 Jan 2001, Dean Cunningham wrote:

> Soem thoughts.... have never seen the sun firewall.... a bridge in its
> purest sense,works at the ethernet address level, just a glorified repeater
> with some knowledge as to what segment a MAC address is on.
> 
> This makes the segements and the bridge vulnerable to broadcast storms for
> one thing. This reduces usable bandwidth. One would also assume DOS
> potential.
> 
> Now a firewall that acts as a bridge could probably handle that... dunno...
> 
> I think it is more that as the focus on TCP/IP over the past 10 years has
> increased, the use of other protocols and more importantly, non routable
> protocols such as dlc and netbios/netbeui usage has decreased to the extent
> there is not a big market.
> Sorta VHS vs Beta, the market and the marketers chose the winner.
> 
> 
> 
> 
> 
> 
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Friday, 26 January 2001 10:49 AM
> To: [email protected]
> Subject: [FW1] why not a bridge?
> 
> 
> 
> Can anyone explain why Sun is the only company that seems to produce a
> firewall that runs as a bridge?  I can't see why this isn't a more common
> practise.
> 
> 

-- 
--Paul



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.