Re: [FW1] why not a bridge? (and hot air)



wew we let me tell u how as a bridge.

ok it is not that exciting.

but it is a firewall built on a bridge.
You can stick it in between two routers
point the two routers at each other not the brick
the brick will do packet filtering in the middle

let's say we are in between two routers 192.168.2.0 net /24
I set the brick up with all four interfaces let's say 172.0.0.2 yes all 4 interfaces
I can kill whatever I want to.
you cannot ping it
tracert it nothing. It is there and it is doing its job as a bridge

you can assign IPs to the interface and add it to the network so to say.
    default gateway
it does PAT real good.
it is fast and easy to use.
it has also got the easiest HA out right now. I mean its HA is ID10T proof.

well I could keep going on but U get the picture.

ps I have been installing checkpoint for 3 years. Just learning the LMF aka
Brick



----- Original Message -----
From: "Craig Skelton" <[email protected]>
To: <[email protected]>; <[email protected]>
Sent: Wednesday, February 07, 2001 3:46 PM
Subject: RE: [FW1] why not a bridge? (and hot air)


>
> You are talking about their Brick Firewall? LMF is a service provided by
> Lucent, not a firewall appliance/technology. I believe Firewall-1's feature
> set is better.
>
> How exactly does it operate as a bridge? Can you be specific? They claim
> stateful packet inspection (that implies the network layer). Are you
> referring to their proxy stuff?
>
> On the other hand, I agree a bridge that would be a router with no address
> makes me wonder...
>
> Cheers,
> Craig
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Wednesday, February 07, 2001 8:06 PM
> To: [email protected]
> Subject: [FW1] why not a bridge? (and hot air)
>
>
>
> What a lot of hot air.
>
> Rather than debating this theoretically, take a close look at the
> Lucent Managed Firewall (LMF).
>
> It's a high-end, high-capacity, very smart, very powerful, IP firewall
> which does pretty much everything Firewall-1 can do (plus a number of
> very interesting unique capabilities) and does it all as a BRIDGE.
>
>
>
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]]
> > Sent: Wednesday, February 07, 2001 9:09 AM
> > To: [email protected]
> > Subject: FW: RE: [FW1] why not a bridge?
> >
> >
> >
> > I actually built a prototype firewall based on bridging technology, so
> > it certainly can be done.  The nice thing about building it into a bridge,
> > is ZERO network configuration is required.  This is great for things like
> > the consumer market (aka cable modems, etc).  Just plug the box in between
> > the cable modem and your PC - no additional addresses needed, no network
> > configuration needed, just go.  Of course you still need to configure
> > firewall functions....
> >
> > -Jon Allen
> >
> >
> > >Date: Fri, 26 Jan 2001 15:56:52 -0500 (EST)
> > >From: [email protected]
> > >Subject: RE: [FW1] why not a bridge?
> > >
> > >Andrew,
> > >
> > >I hate to say this, but... try thinking outside the box!  Just because the
> > >bridge you bought ten years ago doesn't have the functionality that I am
> > >suggesting doesn't mean that it shouldn't be done!  Or tried at least.
> > >
> > >I am not mistaking anything, I just think that it would be more secure if
> > >the firewall was transparent.
> > >
> > >Does checkpoint RELY on packets going from one subnet to another?  I
> > >don't see why.  If I have a two port FW that is running as a bridge then
> > >I don't see why checkpoint couldn't handle it.
> > >
> > >On Fri, 26 Jan 2001 [email protected] wrote:
> > >
> > >> no no no no no
> > >>
> > >> the point of a bridge is that it works at the data link layer not the network
> > >> layer. ie a bridge knows NOTHING about IP. So any IP inspection can not be
> > >> done by a true bridge.
> > >
> > > SO it can't inspect anything
> > >
> > > Also DO not get bridging confused with packet address translation (PIX)
> > >
> > > Checkpoint expects packets to move from one IP subnet to another so you will
> > > not be able to bridge.
> > >
> > > Anyway what's so hard about routing.
> > >
> > > Andrew Shore
> > > BTcd
> > > Information Systems Engineering
> > > Internet & Multimedia
> > >
> > >
> > > -----Original Message-----
> > > From: [email protected] [mailto:[email protected]]
> > > Sent: 26 January 2001 16:06
> > > To: [email protected]
> > > Subject: RE: [FW1] why not a bridge?
> > >
> > >
> > >
> > > First, I had tonnes of people let me know that Lucent's fw always works(or
> > > can work?) as a bridge.
> > >
> > > Second,  I don't imagine it would be too hard to write bridging software
> > > that actually does inspect the TCP/IP stack.  I mean if you take a closer
> > > look at how checkpoint says they examine packets, they do it
> > > already.  Checkpoint software itself does not route packets.  I
> > > wonder... If I installed bridging software on my linux box, would
> > > checkpoint still work?  I think I might try that...
> > >
> > > anyone think of a reason why it wouldn't work?  anyone think of a reason
> > > why I wouldn't want to do this?
> > >
> > > What do you think?
> > > --Paul
> >
> >
> >
> > ================================================================================
> >      To unsubscribe from this mailing list, please see the instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ================================================================================
> >



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
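
The position argued in this thread, that a device forwarding at layer 2 can still filter on IP and TCP headers, sketched as an added example (not code from any poster, Lucent or Check Point). The rule format, function names and sample addresses are constructed assumptions; forwarded frames are relayed unmodified, so the TTL is not decremented and the box adds no hop for traceroute to report.

```python
import struct
from ipaddress import ip_address, ip_network

ETH_IPV4, ETH_ARP, ETH_VLAN = 0x0800, 0x0806, 0x8100
# Constructed first-match rules: (action, src net, dst net, IP proto, dst port); None = any.
RULES = [("forward", "192.168.2.0/24", "0.0.0.0/0", 6, 80),
         ("drop", "0.0.0.0/0", "0.0.0.0/0", None, None)]

def decide(frame, rules=RULES):
    """Classify one Ethernet frame as 'forward' or 'drop' from its IP and TCP/UDP headers."""
    if len(frame) < 14:
        return "drop"
    ethertype, off = struct.unpack_from("!H", frame, 12)[0], 14
    if ethertype == ETH_VLAN and len(frame) >= 18:  # step over one 802.1Q tag
        ethertype, off = struct.unpack_from("!H", frame, 16)[0], 18
    if ethertype == ETH_ARP:
        return "forward"  # neighbours on either side must still resolve each other
    if ethertype != ETH_IPV4 or len(frame) < off + 20:
        return "drop"     # non-IP or truncated header: fail closed
    ihl = (frame[off] & 0x0F) * 4
    if frame[off] >> 4 != 4 or ihl < 20 or len(frame) < off + ihl:
        return "drop"
    proto = frame[off + 9]
    src = ip_address(frame[off + 12:off + 16])
    dst = ip_address(frame[off + 16:off + 20])
    first_fragment = (struct.unpack_from("!H", frame, off + 6)[0] & 0x1FFF) == 0
    dport = None  # ports exist only in the first fragment of a TCP/UDP datagram
    if proto in (6, 17) and first_fragment and len(frame) >= off + ihl + 4:
        dport = struct.unpack_from("!H", frame, off + ihl + 2)[0]
    for action, snet, dnet, rproto, rport in rules:
        if (src in ip_network(snet) and dst in ip_network(dnet)
                and rproto in (None, proto) and rport in (None, dport)):
            return action
    return "drop"

def bridge(frame):
    """Relay the frame byte-for-byte (no MAC rewrite, no TTL decrement), or None to drop."""
    return frame if decide(frame) == "forward" else None

def sample_frame(src, dst, dport, proto=6, ttl=64):
    """Constructed Ethernet + IPv4 + TCP/UDP frame for the demo (checksums left at zero)."""
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", ETH_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, proto, 0,
                     ip_address(src).packed, ip_address(dst).packed)
    return eth + ip + struct.pack("!HH", 40000, dport) + bytes(16)

if __name__ == "__main__":
    f = sample_frame("192.168.2.10", "10.0.0.5", 80, ttl=7)
    print(decide(f), bridge(f) == f, decide(sample_frame("192.168.2.10", "10.0.0.5", 23)))
```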



 
   All contents © 2004 Network Presence, LLC. All rights reserved.