[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Does FireWall-1 Pass SNA Traffic ?
I think the point was there that the OS will route whatever it's configured for (say IPX), but the firewall will only inspect IP. "Juppunov, George" <[email protected]>@lists.us.checkpoint.com on 08/05/2001 23:46:26 Sent by: [email protected] To: "'Daniel Hitchcock'" <[email protected]>, "'Elliot Spiegel/Markham/IBM'" <[email protected]>, Lior Arbel/Israel/IBM <[email protected]> cc: [email protected] Subject: RE: [FW1] Does FireWall-1 Pass SNA Traffic ? RE: [FW1] Does FireWall-1 Pass SNA Traffic ? Checkpoint will not pass IPX traffic and SNA is very much routable. You do need to encapsulate as Elliot suggested, however bear in mind that your firewall will not be able to look higher up the stack. George -----Original Message----- From: Daniel Hitchcock [mailto:[email protected]] Sent: Tuesday, May 08, 2001 8:23 AM To: 'Elliot Spiegel/Markham/IBM'; Lior Arbel/Israel/IBM Cc: [email protected] Subject: RE: [FW1] Does FireWall-1 Pass SNA Traffic ? Clarification: Checkpoint doesn't care at all about SNA (or any other non-IP) traffic. For example, a Checkpoint firewall will happily route IPX traffic as long as your OS is configured to do so. Since SNA is non-routable, your firewall will only pass it if you can get your OS to bridge SNA. So, Elliot's suggestion about encapsulating SNA is excellent (as long as you can get someone on both ends to configure the routers correctly). $0.01 :) Dan Hitchcock CCNA, CCSE, MCSE Security Analyst Breakwater Security Associatesdhitchcock (at) breakwatersecurity (dot) com http://www.breakwatersecurity.com -----Original Message----- From: Elliot Spiegel/Markham/IBM [mailto:[email protected]] Sent: Monday, May 07, 2001 1:25 PM To: Lior Arbel/Israel/IBM Cc: [email protected] Subject: Re: [FW1] Does FireWall-1 Pass SNA Traffic ? Lior...Checkpoint can only pass IP traffic. If you want to get SNA to flow through the firewall, you will have to encapsulate the SNA traffic within IP. One of the ways you can do this is to use DLSW on a router. SNA traffic hits the router and is encapsulated within IP, flows through the firewall to another router that will de-encapsulate the traffic. Regards.............Elliot Lior Arbel <[email protected]>@lists.us.checkpoint.com on 05/05/2001 09:36:37 AM Please respond to Lior Arbel/Israel/IBM@IBMIL Sent by: [email protected] To: [email protected] cc: Subject: [FW1] Does FireWall-1 Pass SNA Traffic ? Sorry for the last massage - was sent by mistake I need help - checkpoint claims that fw-1 pass sna traffic but i didnt found any document about it does anyone tried it before?? Lior Arbel __________________________________________________ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|