[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Inbound, Outbound, Eitherbound
Tim, Changing the rules to <any>bound will not make any difference in your license problem. Unless you solve that BigIP problem, whatever that is, you'll have license problem in anybound filtering. In security stand point of view, inbound or eitherbound does not make big difference. Inbound does not mean inspecting packets coming from outside. It meant to be inbound to the firewall server's interface. Regards, Sun Yu, CISSP Lucent Worldwide Services > -----Original Message----- > From: Tim Parker [mailto:[email protected]] > Sent: Monday, April 09, 2001 4:26 AM > To: '[email protected]' > Subject: [FW1] Inbound, Outbound, Eitherbound > > > > I am looking for some real world experience to help me answer > this question. > We are currently having licensing issues (this is due to the > way that we set > up our BigIP boxes behind our FW, long story) But what is > happening is that > our FW is seeing external addresses on one of the internal > interfaces so it > is trying to "protect" them. Hence throwing us way over on > our licenses (and > generating an aweful lot of emails to me!) > > What I am thinking of trying, but this is where I need the help!, is > changing the setting from eitherbound (the default) to inbound for our > rulebase. I am curious though, if there are any other > ramifications, other > than the fact that the firewall will let anything from > "inside" the network > out without checking it. With stateful inspection, I should be fine, I > believe. > > Any comments to my issue? > > Tim Parker > > > > ============================================================== > ================== > To unsubscribe from this mailing list, please see the > instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================== > ================== > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|