RE: [FW1] why not a bridge?



I actually built a prototype firewall based on bridging technology, so
it certainly can be done.  The nice thing about building it into a bridge
is that ZERO network configuration is required.  This is great for things like
the consumer market (aka cable modems, etc).  Just plug the box in between
the cable modem and your PC - no additional addresses needed, no network
configuration needed, just go.  Of course you still need to configure
firewall functions....

-Jon Allen


>Date: Fri, 26 Jan 2001 15:56:52 -0500 (EST)
>From: [email protected]
>Subject: RE: [FW1] why not a bridge?
>
>Andrew,
>
>I hate to say this, but... try thinking outside the box!  Just because the
>bridge you bought ten years ago doesn't have the functionality that I am
>suggesting doesn't mean that it shouldn't be done!  Or tried at least.
>
>I am not mistaking anything, I just think that it would be more secure if
>the firewall was transparent.
>
>Does checkpoint RELY on packets going from one subnet to any other?  I
>don't see why.  If I have a two port FW that is running as a bridge then
>I don't see why checkpoint couldn't handle it.
>
>On Fri, 26 Jan 2001 [email protected] wrote:
>
>> no no no no no
>>
>> the point of a bridge is that it works at the data link layer not the network
>> layer. i.e. a bridge knows NOTHING about IP. So any IP inspection can not be
>> done by a true bridge.
>
> SO it can't inspect anything
>
> Also DO not get bridging confused with packet address translation (PIX)
>
> Checkpoint expects packets to move from one IP subnet to another so you will
> not be able to bridge.
>
> Anyway, what's so hard about routing?
>
> Andrew Shore
> BTcd
> Information Systems Engineering
> Internet & Multimedia
>
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: 26 January 2001 16:06
> To: [email protected]
> Subject: RE: [FW1] why not a bridge?
>
>
>
> First, I had tonnes of people let me know that Lucent's fw always works (or
> can work?) as a bridge.
>
> Second,  I don't imagine it would be too hard to write bridging software
> that actually does inspect the TCP/IP stack.  I mean if you take a closer
> look at how checkpoint says they examine packets, they do it
> already.  Checkpoint software itself does not route packets.  I
> wonder... If I installed bridging software on my linux box, would
> checkpoint still work?  I think I might try that...
>
> anyone think of a reason why it wouldn't work?  anyone think of a reason
> why I wouldn't want to do this?
>
> What do you think?
> --Paul
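
The question argued in this thread, whether a box that forwards at the data link layer can still filter on IP and TCP headers, shown as an added example (not code from any poster, and not how Check Point or Lucent implement it). The policy (pass ARP, allow only TCP to port 80, drop the rest), the function names and the sample frames are all assumptions constructed for illustration.

```python
import struct

ETH_IPV4, ETH_ARP = 0x0800, 0x0806
ALLOWED_TCP_PORTS = {80}  # assumed policy, not taken from the thread

def bridge_decision(frame: bytes) -> str:
    """Return 'forward' or 'drop' for one Ethernet II frame crossing the bridge.

    The bridge owns no IP address and never rewrites the frame; it only reads it.
    """
    if len(frame) < 14:
        return "drop"                      # runt frame, no full Ethernet header
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETH_ARP:
        return "forward"                   # both sides share one subnet, so ARP must pass
    if ethertype != ETH_IPV4:
        return "drop"                      # default deny for every other protocol
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return "drop"                      # truncated or not IPv4
    ihl = (ip[0] & 0x0F) * 4               # IP header length in bytes
    if ihl < 20 or len(ip) < ihl + 4:
        return "drop"                      # malformed header or no TCP ports present
    if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
        return "drop"                      # non-first fragment carries no TCP header
    if ip[9] != 6:
        return "drop"                      # only TCP is allowed by this policy
    dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
    return "forward" if dport in ALLOWED_TCP_PORTS else "drop"

def make_frame(ethertype: int, payload: bytes = b"") -> bytes:
    # Constructed sample: destination MAC, source MAC, EtherType, payload.
    macs = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    return macs + struct.pack("!H", ethertype) + payload

def make_ipv4_tcp(dport: int, frag_off: int = 0) -> bytes:
    # Constructed 20-byte IPv4 header (checksum left at 0) plus the TCP port fields.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 1, frag_off, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return ip + struct.pack("!HH", 40000, dport)

if __name__ == "__main__":
    for port in (80, 23):
        print(port, bridge_decision(make_frame(ETH_IPV4, make_ipv4_tcp(port))))
```

The decision reads the headers in place and returns a verdict on the unmodified frame, which is why neither side needs new addresses or routes; a stateful product would add connection tracking on top of this per-frame check.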


