Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] a few question

To: "'Bilgehan turan'" <[email protected]>, [email protected]
Subject: RE: [FW1] a few question
From: Nils Kolstein <[email protected]>
Date: Fri, 13 Apr 2001 09:59:37 +0200
Sender: [email protected]

Hi,

I am not using NT for our FW-platform but I might give some hints..

3) As far as I know there is no limit on rules, but the more rules, the more
impact it has on the performance of the FW especially when using al lot of
encryption and NAT rules..

4) Try to block the site on it's IP-address instead of hostname. It might be
the case that the site is reachable under more than one IP-address through a
DNS-roundrobin sort of system .. So several IP's under one hostname to
create a form of redundancy.. This might be the case with larger sites,
although it might be better to use Level 4 (web)switching devices..

I hope this all helps.. ;-))

Nils Kolstein
Internetworking Engineer
Planet Media Group
E-mail: [email protected]
Tel.: (+31)> -----Original Message-----
> From: Bilgehan turan [mailto:[email protected]]
> Sent: Wednesday, April 11, 2001 3:54 PM
> To: [email protected]
> Subject: [FW1] a few question
> 
> 
> 
> Hi to all Checkpoint gurus
> I am new for checkpoint 4.1(installed on NT 4.0)
> 1) do I have to restart the checkpoint services when I edit 
> the rules by
> rules editor.Is there a easy way to start services or do I 
> have to use NT's
> services tool.
> 2) Do rules read linearly?I mean an above rule permits that 
> packet go inside
> ,but below rule does not.( or this is the policy confliction)
> 3) is there a rule limit ?
> 4) How can I reject a domain www.abc.com .I add a domain to 
> our rules to
> reject.But I can connect it.I could not solve the problem.
> 
> 
> Thanks in advance...
>  
> Bilgehan TURAN
> System and Network Administrator
> Ph    :> Mob :> 
> 
> 
> ==============================================================
> ==================
>      To unsubscribe from this mailing list, please see the 
> instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
> 


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Follow-Ups:
- Re: [FW1] a few question
  - From: Martin Hoz <[email protected]>

Prev by Date: [FW1] Routing Question
Next by Date: [FW1] unable to connect from a win2000 secure remote client
Previous by thread: [FW1] a few question
Next by thread: Re: [FW1] a few question
Index(es):
- Date
- Thread