Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Does FireWall-1 Pass SNA Traffic ?

To: "'Daniel Hitchcock'" <[email protected]>, "Juppunov, George" <[email protected]>, "'Elliot Spiegel/Markham/IBM'" <[email protected]>, Lior Arbel/Israel/IBM <[email protected]>
Subject: RE: [FW1] Does FireWall-1 Pass SNA Traffic ?
From: "Juppunov, George" <[email protected]>
Date: Wed, 9 May 2001 15:44:49 -0700
Cc: [email protected]
Sender: [email protected]

Title: RE: [FW1] Does FireWall-1 Pass SNA Traffic ?

Fine. I guess I'm being frivolous in calling SRB "routing", since it's technically bridging, and I will not argue over it.

Although we could go into a lengthy conceptual discussion off-line. On the other hand, there is nothing that prohibits

upper layer protocols from one stack e.g., SNA to be transported using protocols from another stack e.g.. TCP/IP, hence IP

encapsulation (which is a misnomer since IP encapsulates anyway).

As far as IPX is concerned, CheckPoint does not support it and if you think it does, I would be interested to know

how you define an IPX network and how you would filter, let's say, SAP advertisements in the CheckPoint rulebase...

On the other hand, if you suggest that you can have IPX driver installed on it and route despite Checkpoint then... sure,

Checkpoint couldn't care less about it. And if that's really what you meant then I need to start reading more carefully. :-)

George

-----Original Message-----
From: Daniel Hitchcock [mailto:[email protected]]
Sent: Wednesday, May 09, 2001 2:32 PM
To: 'Juppunov, George'; 'Elliot Spiegel/Markham/IBM'; Lior Arbel/Israel/IBM
Cc: [email protected]
Subject: RE: [FW1] Does FireWall-1 Pass SNA Traffic ?

I'd be interested in the technical details of how you've implemented SNA routing (IP encapsulation obviously doesn't count, as that's IP routing, not SNA routing), and the environment in which IPX would not route on a device running Checkpoint Firewall and an IPX stack. Please reply directly if you prefer...

Thanks!

Dan Hitchcock
CCNA, CCSE, MCSE
Security Analyst
Breakwater Security Associates

dhitchcock (at) breakwatersecurity (dot) com
http://www.breakwatersecurity.com

-----Original Message-----
From: Juppunov, George [mailto:[email protected]]
Sent: Tuesday, May 08, 2001 3:46 PM
To: Daniel Hitchcock; 'Elliot Spiegel/Markham/IBM'; Lior Arbel/Israel/IBM
Cc: [email protected]
Subject: RE: [FW1] Does FireWall-1 Pass SNA Traffic ?

Checkpoint will not pass IPX traffic and SNA is very much routable. You do need to encapsulate

as Elliot suggested, however bear in mind that your firewall will not be able to look higher up the stack.

George

-----Original Message-----
From: Daniel Hitchcock [mailto:[email protected]]
Sent: Tuesday, May 08, 2001 8:23 AM
To: 'Elliot Spiegel/Markham/IBM'; Lior Arbel/Israel/IBM
Cc: [email protected]
Subject: RE: [FW1] Does FireWall-1 Pass SNA Traffic ?

Clarification:

Checkpoint doesn't care at all about SNA (or any other non-IP) traffic. For example, a Checkpoint firewall will happily route IPX traffic as long as your OS is configured to do so. Since SNA is non-routable, your firewall will only pass it if you can get your OS to bridge SNA. So, Elliot's suggestion about encapsulating SNA is excellent (as long as you can get someone on both ends to configure the routers correctly).

$0.01 :)

Dan Hitchcock
CCNA, CCSE, MCSE
Security Analyst
Breakwater Security Associates
x147
dhitchcock (at) breakwatersecurity (dot) com
http://www.breakwatersecurity.com

-----Original Message-----
From: Elliot Spiegel/Markham/IBM [mailto:[email protected]]
Sent: Monday, May 07, 2001 1:25 PM
To: Lior Arbel/Israel/IBM
Cc: [email protected]
Subject: Re: [FW1] Does FireWall-1 Pass SNA Traffic ?

Lior...Checkpoint can only pass IP traffic. If you want to get SNA to flow
through the firewall, you will have to encapsulate the SNA traffic within
IP.

One of the ways you can do this is to use DLSW on a router. SNA traffic
hits the router and is encapsulated within IP, flows through the firewall
to another router that will de-encapsulate the traffic.

Regards.............Elliot

Lior Arbel <[email protected]>@lists.us.checkpoint.com on 05/05/2001
09:36:37 AM

Please respond to Lior Arbel/Israel/IBM@IBMIL

Sent by: [email protected]

To:   [email protected]
cc:
Subject: [FW1] Does FireWall-1 Pass SNA Traffic ?

Sorry for the last massage - was sent by mistake

I need help - checkpoint claims that fw-1 pass sna
traffic but i didnt found any document about it

does anyone tried it before??

Lior Arbel

__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/

================================================================================

     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

_____________________________________________________________________

IMPORTANT NOTICES:

This message is intended only for the addressee. Please notify the sender by e-mail if you are not the intended recipient. If you are not the intended recipient, you may not copy, disclose, or distribute this message or its contents to any other person and any such actions may be unlawful.

Banc of America Securities LLC("BAS") does not accept time sensitive, action-oriented messages or transaction orders, including orders to purchase or sell securities, via e-mail.

BAS reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the BAS e-mail system.

_____________________________________________________________________

IMPORTANT NOTICES:

This message is intended only for the addressee. Please notify the sender by e-mail if you are not the intended recipient. If you are not the intended recipient, you may not copy, disclose, or distribute this message or its contents to any other person and any such actions may be unlawful.

Banc of America Securities LLC("BAS") does not accept time sensitive, action-oriented messages or transaction orders, including orders to purchase or sell securities, via e-mail.

BAS reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the BAS e-mail system.

Prev by Date: [FW1] SAP Gui
Next by Date: Re: [FW1] beware
Previous by thread: RE: [FW1] Does FireWall-1 Pass SNA Traffic ?
Next by thread: RE: [FW1] Does FireWall-1 Pass SNA Traffic ?
Index(es):
- Date
- Thread