[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] a few question
Hi, I am not using NT for our FW-platform but I might give some hints.. 3) As far as I know there is no limit on rules, but the more rules, the more impact it has on the performance of the FW especially when using al lot of encryption and NAT rules.. 4) Try to block the site on it's IP-address instead of hostname. It might be the case that the site is reachable under more than one IP-address through a DNS-roundrobin sort of system .. So several IP's under one hostname to create a form of redundancy.. This might be the case with larger sites, although it might be better to use Level 4 (web)switching devices.. I hope this all helps.. ;-)) Nils Kolstein Internetworking Engineer Planet Media Group E-mail: [email protected] Tel.: (+31)> -----Original Message----- > From: Bilgehan turan [mailto:[email protected]] > Sent: Wednesday, April 11, 2001 3:54 PM > To: [email protected] > Subject: [FW1] a few question > > > > Hi to all Checkpoint gurus > I am new for checkpoint 4.1(installed on NT 4.0) > 1) do I have to restart the checkpoint services when I edit > the rules by > rules editor.Is there a easy way to start services or do I > have to use NT's > services tool. > 2) Do rules read linearly?I mean an above rule permits that > packet go inside > ,but below rule does not.( or this is the policy confliction) > 3) is there a rule limit ? > 4) How can I reject a domain www.abc.com .I add a domain to > our rules to > reject.But I can connect it.I could not solve the problem. > > > Thanks in advance... > > Bilgehan TURAN > System and Network Administrator > Ph :> Mob :> > > > ============================================================== > ================== > To unsubscribe from this mailing list, please see the > instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================== > ================== > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|