RE: [FW1] Does FireWall-1 Pass SNA Traffic ?

["Juppunov, George" <gjuppunov@FW1-NOSPAMbofasecurities.com>]

Very much correct. I think after reading the response a couple of times, I
understood his point 
and I did gree with him. Please read the response I sent.

george

-----Original Message-----
From: simon.devlin@uk.abnamro.com [mailto:simon.devlin@uk.abnamro.com]
Sent: Wednesday, May 09, 2001 11:38 PM
To: Juppunov, George
Cc: fw-1-mailinglist@beethoven.us.checkpoint.com
Subject: RE: [FW1] Does FireWall-1 Pass SNA Traffic ?


I think the point was there that the OS will route whatever it's configured
for (say IPX), but the firewall will only inspect IP.






"Juppunov, George" <gjuppunov@bofasecurities.com>@lists.us.checkpoint.com
on 08/05/2001 23:46:26

Sent by:  owner-fw-1-mailinglist@lists.us.checkpoint.com


To:   "'Daniel Hitchcock'" <DHitchcock@breakwatersecurity.com>, "'Elliot
      Spiegel/Markham/IBM'" <sysfrog@ca.ibm.com>, Lior Arbel/Israel/IBM
       <arbel_lior@il.ibm.com>
cc:   fw-1-mailinglist@beethoven.us.checkpoint.com
Subject:  RE: [FW1] Does FireWall-1 Pass SNA Traffic ?


RE: [FW1] Does FireWall-1 Pass SNA Traffic ?
Checkpoint will not pass IPX traffic and SNA is very  much routable. You do
need to encapsulate
as  Elliot suggested, however bear in mind that your firewall will not be
able to look higher up the stack.

George
-----Original Message-----
From: Daniel Hitchcock  [mailto:DHitchcock@breakwatersecurity.com]
Sent: Tuesday, May 08,  2001 8:23 AM
To: 'Elliot Spiegel/Markham/IBM'; Lior  Arbel/Israel/IBM
Cc:  fw-1-mailinglist@beethoven.us.checkpoint.com
Subject: RE: [FW1] Does  FireWall-1 Pass SNA Traffic ?



Clarification:

Checkpoint doesn't care at all about SNA (or any other non-IP)  traffic.
For example, a Checkpoint firewall will happily route IPX  traffic as long
as your OS is configured to do so.  Since SNA is  non-routable, your
firewall will only pass it if you can get your OS to bridge  SNA.  So,
Elliot's suggestion about encapsulating SNA is excellent (as  long as you
can get someone on both ends to configure the routers  correctly).

$0.01 :)

Dan Hitchcock
CCNA, CCSE, MCSE
Security Analyst
Breakwater Security  Associatesdhitchcock (at) breakwatersecurity (dot) com
http://www.breakwatersecurity.com



-----Original Message-----
From:  Elliot Spiegel/Markham/IBM [mailto:sysfrog@ca.ibm.com]
Sent: Monday, May 07, 2001 1:25 PM
To: Lior Arbel/Israel/IBM
Cc:  fw-1-mailinglist@beethoven.us.checkpoint.com
Subject:  Re: [FW1] Does FireWall-1 Pass SNA Traffic ?


Lior...Checkpoint can only pass IP traffic.  If you want  to get SNA to
flow
through the firewall, you will have  to encapsulate the SNA traffic within
IP.

One of the ways you can do this is to use DLSW on a  router.  SNA traffic
hits the router and is  encapsulated within IP, flows through the firewall
to  another router that will de-encapsulate the traffic.

Regards.............Elliot

Lior Arbel <l_arbel@yahoo.com>@lists.us.checkpoint.com  on 05/05/2001
09:36:37 AM

Please respond to Lior Arbel/Israel/IBM@IBMIL

Sent by:   owner-fw-1-mailinglist@lists.us.checkpoint.com

To:    fw-1-mailinglist@beethoven.us.checkpoint.com
cc:
Subject:  [FW1] Does FireWall-1 Pass  SNA Traffic ?



Sorry for the last massage - was sent by mistake

I need help - checkpoint claims that fw-1 pass sna
traffic but i didnt found any document about it

does anyone tried it before??

Lior Arbel

__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy  the things you want at great prices
http://auctions.yahoo.com/

============================================================================
====


     To unsubscribe from this mailing  list, please see the instructions at
                http://www.checkpoint.com/services/mailing.html
============================================================================
====






============================================================================
====

     To unsubscribe from this mailing  list, please see the instructions at
                http://www.checkpoint.com/services/mailing.html
============================================================================
====






_____________________________________________________________________ 
IMPORTANT NOTICES: 
          This message is intended only for the addressee. Please notify the
sender by e-mail if you are not the intended recipient. If you are not the
intended recipient, you may not copy, disclose, or distribute this message
or its contents to any other person and any such actions may be unlawful.

         Banc of America Securities LLC("BAS") does not accept time
sensitive, action-oriented messages or transaction orders, including orders
to purchase or sell securities, via e-mail.

         BAS reserves the right to monitor and review the content of all
messages sent to or from this e-mail address. Messages sent to or from this
e-mail address may be stored on the BAS e-mail system.




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================