[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] beginner's question on DNS
Title: RE: [FW1] beginner's question on DNS I
would suggest (maybe because of my paranoia :) that instead of using CheckPoints
pseudo-implied rules from the policy properties dialog box (suggestion #4
below) to instead manually create a rule or possibly rules for any DNS
actions you may need to occur. I think it is more secure not to use their
rules and can help reduce the instance of certain problems or issues in the
future. (i.e. say you want domain-udp to encrypt over site-to-site VPN links,
you may forget that you have that implied rule and it is catching the query from
hitting your VPN rules or something silly like that...)
Just
my $0.02....
Jarrett
|