
RE: [FW1] Inbound, Outbound, Eitherbound



Inbound and Outbound inspection are not functions of network association
(internal or external).  They have to do with the inspection moving through
the TCP/IP stack.  For example, if you're only checking inbound, and someone
gains control of your firewall, FW-1 won't inspect anything leaving the
stack--thus the intruder is free to send OUT anything that they want.  The
inverse is true with outbound-only.  This is pretty dangerous.

Addressing and detection issues need to be addressed at some device prior to
the firewall if licensing and number of nodes is a problem.  Perhaps a brief
topology schema would be of more help.

Cheers 

Keith McCammon

-----Original Message-----
From: Tim Parker [mailto:[email protected]]
Sent: Monday, April 09, 2001 5:26 AM
To: '[email protected]'
Subject: [FW1] Inbound, Outbound, Eitherbound



I am looking for some real world experience to help me answer this question.
We are currently having licensing issues (this is due to the way that we set
up our BigIP boxes behind our FW, long story). But what is happening is that
our FW is seeing external addresses on one of the internal interfaces so it
is trying to "protect" them. Hence throwing us way over on our licenses (and
generating an awful lot of emails to me!)

What I am thinking of trying, but this is where I need the help!, is
changing the setting from eitherbound (the default) to inbound for our
rulebase. I am curious though, if there are any other ramifications, other
than the fact that the firewall will let anything from "inside" the network
out without checking it. With stateful inspection, I should be fine, I
believe. 

Any comments to my issue?

Tim Parker



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====
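
Added example (not part of either message above, and not Check Point code): a simplified model of the point made in the reply, that inspection direction is relative to the firewall's own TCP/IP stack rather than to the internal or external network. The flow labels, function names and the two-crossing model are assumptions made for illustration.

```python
# Simplified, assumed model: the gateway can inspect a packet when it enters
# the stack from an interface ("inbound") and again when it leaves the stack
# toward an interface ("outbound"). Each mode enables one or both checks.
MODES = {
    "inbound": {"inbound"},
    "outbound": {"outbound"},
    "eitherbound": {"inbound", "outbound"},
}

# Constructed sample flows: (origin, destination). "gateway" is the firewall
# host itself; any other label is a network attached to one of its interfaces.
FLOWS = {
    "internal host -> external host": ("internal", "external"),
    "external host -> internal host": ("external", "internal"),
    "external host -> gateway": ("external", "gateway"),
    "gateway -> external host": ("gateway", "external"),
}

def stack_crossings(origin, destination):
    """Stack crossings a packet makes on the gateway, in order."""
    crossings = []
    if origin != "gateway":
        crossings.append("inbound")    # arrives on an interface
    if destination != "gateway":
        crossings.append("outbound")   # leaves through an interface
    return crossings

def inspections(mode, origin, destination):
    """Crossings at which the given mode actually inspects the packet."""
    return [c for c in stack_crossings(origin, destination) if c in MODES[mode]]

def uninspected(mode):
    """Sample flows that pass through the gateway with no inspection at all."""
    return [name for name, flow in FLOWS.items() if not inspections(mode, *flow)]

if __name__ == "__main__":
    for mode in MODES:
        print(f"{mode}:")
        for name, flow in FLOWS.items():
            hits = inspections(mode, *flow) or ["NOT INSPECTED"]
            print(f"  {name:32} {', '.join(hits)}")
        print(f"  blind spots: {uninspected(mode) or 'none'}")
```

In this model, traffic forwarded from an internal host is still inspected in inbound mode, because it enters the stack on the internal interface; the flows that go unchecked are those that start or end on the firewall itself.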


   All contents © 2004 Network Presence, LLC. All rights reserved.