RE: [FW1] Inbound, Outbound, Eitherbound
Inbound and Outbound inspection are not functions of network association (internal or external). They have to do with the inspection moving through the TCP/IP stack. For example, if you're only checking inbound, and someone gains control of your firewall, FW-1 won't inspect anything leaving the stack--thus the intruder is free to send OUT anything that they want. The inverse is true with outbound-only. This is pretty dangerous.

Addressing and detection issues need to be addressed at some device prior to the firewall if licensing and number of nodes is a problem. Perhaps a brief topology schema would be of more help.

Cheers

Keith McCammon

-----Original Message-----
From: Tim Parker [mailto:[email protected]]
Sent: Monday, April 09, 2001 5:26 AM
To: '[email protected]'
Subject: [FW1] Inbound, Outbound, Eitherbound

I am looking for some real world experience to help me answer this question.

We are currently having licensing issues (this is due to the way that we set up our BigIP boxes behind our FW, long story). But what is happening is that our FW is seeing external addresses on one of the internal interfaces so it is trying to "protect" them. Hence throwing us way over on our licenses (and generating an awful lot of emails to me!)

What I am thinking of trying, but this is where I need the help!, is changing the setting from eitherbound (the default) to inbound for our rulebase. I am curious though, if there are any other ramifications, other than the fact that the firewall will let anything from "inside" the network out without checking it. With stateful inspection, I should be fine, I believe.

Any comments to my issue?
Tim Parker

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================