[FW1] why not a bridge? (and hot air)
What a lot of hot air.

Rather than debating this theoretically, take a close look at the Lucent Managed Firewall (LMF). It's a high-end, high-capacity, very smart, very powerful IP firewall which does pretty much everything Firewall-1 can do (plus a number of very interesting unique capabilities) and does it all as a BRIDGE.

> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Wednesday, February 07, 2001 9:09 AM
> To: [email protected]
> Subject: FW: RE: [FW1] why not a bridge?
>
> I actually built a prototype firewall based on bridging technology, so it certainly can be done. The nice thing about building it into a bridge is ZERO network configuration is required. This is great for things like the consumer market (aka cable modems, etc). Just plug the box in between the cable modem and your PC - no additional addresses needed, no network configuration needed, just go. Of course you still need to configure firewall functions....
>
> -Jon Allen
>
> > Date: Fri, 26 Jan 2001 15:56:52 -0500 (EST)
> > From: [email protected]
> > Subject: RE: [FW1] why not a bridge?
> >
> > Andrew,
> >
> > I hate to say this, but... try thinking outside the box! Just because the bridge you bought ten years ago doesn't have the functionality that I am suggesting doesn't mean that it shouldn't be done! Or tried at least.
> >
> > I am not mistaking anything, I just think that it would be more secure if the firewall was transparent.
> >
> > Does checkpoint RELY on packets going from one subnet to another? I don't see why. If I have a two port FW that is running as a bridge then I don't see why checkpoint couldn't handle it.
> >
> > On Fri, 26 Jan 2001 [email protected] wrote:
> >
> > > no no no no no
> > >
> > > the point of a bridge is that it works at the data link layer not the network layer. i.e. a bridge knows NOTHING about IP. So any IP inspection cannot be done by a true bridge.
> > >
> > > SO it can't inspect anything
> > >
> > > Also DO not get bridging confused with packet address translation (PIX)
> > >
> > > Checkpoint expects packets to move from one IP subnet to another so you will not be able to bridge.
> > >
> > > Anyway what's so hard about routing.
> > >
> > > Andrew Shore
> > > BTcd
> > > Information Systems Engineering
> > > Internet & Multimedia
> > >
> > > -----Original Message-----
> > > From: [email protected] [mailto:[email protected]]
> > > Sent: 26 January 2001 16:06
> > > To: [email protected]
> > > Subject: RE: [FW1] why not a bridge?
> > >
> > > First, I had tonnes of people let me know that Lucent's fw always works (or can work?) as a bridge.
> > >
> > > Second, I don't imagine it would be too hard to write bridging software that actually does inspect the TCP/IP stack. I mean if you take a closer look at how checkpoint says they examine packets, they do it already. Checkpoint software itself does not route packets. I wonder... If I installed bridging software on my linux box, would checkpoint still work? I think I might try that...
> > >
> > > anyone think of a reason why it wouldn't work? anyone think of a reason why I wouldn't want to do this?
> > >
> > > What do you think?
> > > --Paul
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
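
The question debated in this thread, whether a box that forwards at layer 2 can still decide on IP and TCP headers, sketched as an added example (not code from any poster, Check Point or Lucent). The blocked-port policy, addresses and sample frames are constructed for illustration, and the function only returns a verdict for a frame; capture and forwarding between the two ports are assumed to exist around it.

```python
import struct

ETH_IPV4, ETH_ARP = 0x0800, 0x0806
BLOCKED_TCP_PORTS = {23, 139}  # constructed sample policy, not from the thread


def bridge_verdict(frame: bytes) -> str:
    """Return 'forward' or 'drop' for one raw Ethernet frame.

    The frame itself is never rewritten (MACs, TTL, checksums untouched),
    so the filter needs no IP address and is not a hop at layer 3.
    """
    if len(frame) < 14:
        return "drop"  # runt: no complete Ethernet header
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETH_ARP:
        return "forward"  # hosts on either port must still resolve each other
    if ethertype != ETH_IPV4:
        return "drop"  # default deny for anything the policy does not parse
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return "drop"
    ihl = (ip[0] & 0x0F) * 4  # IPv4 header length in bytes (options allowed)
    if ihl < 20 or len(ip) < ihl:
        return "drop"
    if ip[9] != 6:
        return "forward"  # sample policy only restricts TCP
    if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
        return "drop"  # later fragment: no TCP header to check, fail closed
    tcp = ip[ihl:]
    if len(tcp) < 20:
        return "drop"  # truncated TCP header
    dport = struct.unpack("!H", tcp[2:4])[0]
    return "drop" if dport in BLOCKED_TCP_PORTS else "forward"


def sample_frame(dport: int, proto: int = 6, frag: int = 0) -> bytes:
    """Build a constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", ETH_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, frag, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return eth + ip + tcp


if __name__ == "__main__":
    for port in (80, 23):
        print(port, bridge_verdict(sample_frame(port)))
```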