
RE: [FW1] why not a bridge?



no no no no no

The point of a bridge is that it works at the data link layer, not the network
layer, i.e. a bridge knows NOTHING about IP. So any IP inspection cannot be
done by a true bridge.

So it can't inspect anything.

Also do not get bridging confused with packet address translation (PIX).

Checkpoint expects packets to move from one IP subnet to another, so you will
not be able to bridge.

Anyway, what's so hard about routing?

Andrew Shore
BTcd 
Information Systems Engineering
Internet & Multimedia 


-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: 26 January 2001 16:06
To: [email protected]
Subject: RE: [FW1] why not a bridge?



First, I had tonnes of people let me know that Lucent's fw always works (or
can work?) as a bridge.

Second, I don't imagine it would be too hard to write bridging software
that actually does inspect the TCP/IP stack. I mean, if you take a closer
look at how Checkpoint says they examine packets, they do it
already. Checkpoint software itself does not route packets. I
wonder... if I installed bridging software on my Linux box, would
Checkpoint still work? I think I might try that...

Anyone think of a reason why it wouldn't work? Anyone think of a reason
why I wouldn't want to do this?

What do you think?
--Paul


On Fri, 26 Jan 2001, Dean Cunningham wrote:

> Some thoughts.... have never seen the Sun firewall.... a bridge in its
> purest sense works at the Ethernet address level, just a glorified repeater
> with some knowledge as to what segment a MAC address is on.
> 
> This makes the segments and the bridge vulnerable to broadcast storms, for
> one thing. This reduces usable bandwidth. One would also assume DoS
> potential.
> 
> Now a firewall that acts as a bridge could probably handle that... dunno...
> 
> I think it is more that as the focus on TCP/IP over the past 10 years has
> increased, the use of other protocols and, more importantly, non-routable
> protocols such as DLC and NetBIOS/NetBEUI has decreased to the extent
> there is not a big market.
> Sorta VHS vs Beta, the market and the marketers chose the winner.
> 
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Friday, 26 January 2001 10:49 AM
> To: [email protected]
> Subject: [FW1] why not a bridge?
> 
> Can anyone explain why Sun is the only company that seems to produce a
> firewall that runs as a bridge?  I can't see why this isn't a more common
> practice.
> 

-- 
--Paul
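Added example, not code from anyone in this thread: it illustrates the point argued above, that a bridge forwards on the Ethernet header alone, yet bridging software is free to also decode the IPv4 and TCP headers of the frames it forwards and apply a filter before passing them on. The frames, MAC/IP addresses and the port policy are all constructed for the example.

```python
import struct

ETH_P_IP = 0x0800            # EtherType for IPv4
IPPROTO_TCP = 6
# Constructed policy: the bridge forwards IPv4 only when it is TCP to these ports.
ALLOW_TCP_DPORTS = {80, 443}


def parse_frame(frame: bytes) -> dict:
    """Decode the Ethernet header; if the frame carries IPv4, decode IP/TCP too."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"eth_dst": dst.hex(":"), "eth_src": src.hex(":"), "ethertype": ethertype}
    if ethertype != ETH_P_IP:
        return info                       # a pure bridge stops here
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4              # IPv4 header length in bytes
    info["proto"] = ip[9]
    info["src_ip"] = ".".join(map(str, ip[12:16]))
    info["dst_ip"] = ".".join(map(str, ip[16:20]))
    if info["proto"] == IPPROTO_TCP:
        info["sport"], info["dport"] = struct.unpack("!HH", ip[ihl:ihl + 4])
    return info


def decide(frame: bytes) -> str:
    """Return 'forward' or 'drop' for a frame arriving on one side of the bridge."""
    info = parse_frame(frame)
    if info["ethertype"] != ETH_P_IP:
        return "forward"                  # non-IP (e.g. ARP) is bridged untouched
    if info.get("proto") == IPPROTO_TCP and info.get("dport") in ALLOW_TCP_DPORTS:
        return "forward"
    return "drop"                         # default deny for inspected IP traffic


def ipv4_tcp_frame(src_ip: str, dst_ip: str, sport: int, dport: int) -> bytes:
    """Constructed sample frame: Ethernet + minimal IPv4 + TCP SYN (checksums zeroed)."""
    eth = bytes.fromhex("020000000001" "020000000002" "0800")
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + tcp


# Constructed ARP frame: same MACs, EtherType 0x0806, body irrelevant to the bridge.
ARP_FRAME = bytes.fromhex("020000000001" "020000000002" "0806") + bytes(28)

if __name__ == "__main__":
    for f in (ipv4_tcp_frame("10.0.0.5", "10.0.0.80", 40000, 80),
              ipv4_tcp_frame("10.0.0.5", "10.0.0.80", 40001, 23), ARP_FRAME):
        print(parse_frame(f), "->", decide(f))
```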



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

