NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] why not a bridge? (and hot air)



What a lot of hot air.  

Rather than debating this theoretically, take a close look at the 
Lucent Managed Firewall (LMF).

It's a high-end, high-capacity, very smart, very powerful, IP firewall 
which does pretty much everything Firewall-1 can do (plus a number of 
very interesting unique capabilities) and does it all as a BRIDGE.



> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Wednesday, February 07, 2001 9:09 AM
> To: [email protected]
> Subject: FW: RE: [FW1] why not a bridge?
> 
> 
> 
> I actually built a prototype firewall based on bridging technology, so
> it certainly can be done.  The nice thing about building it 
> into a bridge,
> is ZERO network configuration is required.  This is great for 
> things like
> the consumer market (aka cable modems, etc).  Just plug the 
> box in between
> the cable modem and your PC - no additional addresses needed, 
> no network
> configuration needed, just go.  Of course you still need to configure
> firewall functions....
> 
> -Jon Allen
> 
> 
> >Date: Fri, 26 Jan 2001 15:56:52 -0500 (EST)
> >From: [email protected]
> >Subject: RE: [FW1] why not a bridge?
> >
> >Andrew,
> >
> >I hate to say this, but... try thinking outside the box!  
> Just because the
> >bridge you bought ten years ago doesn't have the 
> functionallity that I am
> >suggesting doesn't mean that it shouldn't be done!  Or tried atleast.
> >
> >I am not mistaking anything, I just think that it would be 
> more secure if
> >the firewall was transparent.
> >
> >Does checkpoint RELY on packets going form one subnet to anyother?  I
> >don't see why/  If I have a two port FW that is running as a 
> bridge then
> >I don't see why checkpoint couldn't handle it.
> >
> >On Fri, 26 Jan 2001 [email protected] wrote:
> >
> >> no no no no no
> >>
> >> the point of a bridge is that it works at the datlink layer not the
> network
> >> layer. ie a bridge knows NOTHING about IP. So any IP 
> inspection can not
> be
> >> done by a true bridge.
> >
> > SO it can't inspect anything
> >
> > Also DO not get bridging confused with packet address 
> translation (PIX)
> >
> > Checkpoint expects packets to move from one IP subnet to 
> another so you
> will
> > not be able to bridge.
> >
> > Any way what's so hard about routing.
> >
> > Andrew Shore
> > BTcd
> > Information Systems Engineering
> > Internet & Multimedia
> >
> >
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]]
> > Sent: 26 January 2001 16:06
> > To: [email protected]
> > Subject: RE: [FW1] why not a bridge?
> >
> >
> >
> > First, I had tonnes of people let me know that lucents fw 
> always works(or
> > can work?) as a bridge.
> >
> > Second,  I don't imagine it would be too hard to write 
> bridging software
> > that actually does inspect the TCP/IP stack.  I mean if you 
> take a closer
> > look at how checkpoint says they examine packets, they do it
> > already.  Checkpoint software itself does not route packets.  I
> > wonder... If I installed bridging software on my linux box, would
> > checkpoint still work?  I think I might try that...
> >
> > anyone think of a reason why it wouldn't work?  anyone 
> think of a reason
> > why I wouldn't want to do this?
> >
> > What do you think?
> > --Paul
> 
> 
> 
> ==============================================================
> ==================
>      To unsubscribe from this mailing list, please see the 
> instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
> 



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.