NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Does FireWall-1 Pass SNA Traffic ?

Title: RE: [FW1] Does FireWall-1 Pass SNA Traffic ?
I'd be interested in the technical details of how you've implemented SNA routing (IP encapsulation obviously doesn't count, as that's IP routing, not SNA routing), and the environment in which IPX would not route on a device running Checkpoint Firewall and an IPX stack.  Please reply directly if you prefer...
 
Thanks!

Dan Hitchcock
CCNA, CCSE, MCSE
Security Analyst
Breakwater Security Associates

dhitchcock (at) breakwatersecurity (dot) com
http://www.breakwatersecurity.com

-----Original Message-----
From: Juppunov, George [mailto:[email protected]]
Sent: Tuesday, May 08, 2001 3:46 PM
To: Daniel Hitchcock; 'Elliot Spiegel/Markham/IBM'; Lior Arbel/Israel/IBM
Cc: [email protected]
Subject: RE: [FW1] Does FireWall-1 Pass SNA Traffic ?

Checkpoint will not pass IPX traffic and SNA is very much routable. You do need to encapsulate
as Elliot suggested, however bear in mind that your firewall will not be able to look higher up the stack.
 
George
-----Original Message-----
From: Daniel Hitchcock [mailto:[email protected]]
Sent: Tuesday, May 08, 2001 8:23 AM
To: 'Elliot Spiegel/Markham/IBM'; Lior Arbel/Israel/IBM
Cc: [email protected]
Subject: RE: [FW1] Does FireWall-1 Pass SNA Traffic ?

Clarification:

Checkpoint doesn't care at all about SNA (or any other non-IP) traffic.  For example, a Checkpoint firewall will happily route IPX traffic as long as your OS is configured to do so.  Since SNA is non-routable, your firewall will only pass it if you can get your OS to bridge SNA.  So, Elliot's suggestion about encapsulating SNA is excellent (as long as you can get someone on both ends to configure the routers correctly).

$0.01 :)

Dan Hitchcock
CCNA, CCSE, MCSE
Security Analyst
Breakwater Security Associates
x147
dhitchcock (at) breakwatersecurity (dot) com
http://www.breakwatersecurity.com




-----Original Message-----
From: Elliot Spiegel/Markham/IBM [mailto:[email protected]]
Sent: Monday, May 07, 2001 1:25 PM
To: Lior Arbel/Israel/IBM
Cc: [email protected]
Subject: Re: [FW1] Does FireWall-1 Pass SNA Traffic ?



Lior...Checkpoint can only pass IP traffic.  If you want to get SNA to flow
through the firewall, you will have to encapsulate the SNA traffic within
IP.

One of the ways you can do this is to use DLSW on a router.  SNA traffic
hits the router and is encapsulated within IP, flows through the firewall
to another router that will de-encapsulate the traffic.

Regards.............Elliot

Lior Arbel <[email protected]>@lists.us.checkpoint.com on 05/05/2001
09:36:37 AM

Please respond to Lior Arbel/Israel/IBM@IBMIL

Sent by:  [email protected]


To:   [email protected]
cc:
Subject:  [FW1] Does FireWall-1 Pass SNA Traffic ?




Sorry for the last massage - was sent by mistake

I need help - checkpoint claims that fw-1 pass sna
traffic but i didnt found any document about it

does anyone tried it before??


Lior Arbel

__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/


================================================================================

     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================






================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



_____________________________________________________________________

IMPORTANT NOTICES:

This message is intended only for the addressee. Please notify the sender by e-mail if you are not the intended recipient. If you are not the intended recipient, you may not copy, disclose, or distribute this message or its contents to any other person and any such actions may be unlawful.


Banc of America Securities LLC("BAS") does not accept time sensitive, action-oriented messages or transaction orders, including orders to purchase or sell securities, via e-mail.


BAS reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the BAS e-mail system.




  
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.