RE: [FW1] any
Hi,

In my experience, FW1 will not handle encrypted packets correctly unless you explicitly list the service (e.g. PPTP). I would recommend explicitly listing any and all encryption rules *and* having them at the TOP of your rulebase. I also had some FW1 confusion with some "Any" rules when I had encryption rules listed after them. This is the only exception that I know of to "put your most used rules first".

HTH -- Chris

--- "Goetz, Jarrett" <[email protected]> wrote:
> I am not positive what you are asking, but if I am understanding you clearly, as long as your encryption rule is configured properly in terms of the action (i.e. client encrypt, encrypt, etc.) then yes, from what I understand those services would be "included" so to speak if you put ANY in the service column.
>
> Always keep in mind, ANY in your rulebase is not a good thing :), from a security perspective you're best off to strive to keep the amount of ANY's in your rulebase to a minimum.
>
> Jarrett
>
> -----Original Message-----
> From: Casey DeBerry [mailto:[email protected]]
> Sent: Friday, June 01, 2001 13:15
> To: firewall-1 mailing list
> Subject: [FW1] any
>
> Is ipsec encryption and all other modules (AH, ESP, IKE etc.) contained in "ANY" service?
>
> Thanks,
> Casey DeBerry
> [email protected]
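
A rulebase check for the two recommendations in this thread (encryption rules listed with explicit services at the top, and as few ANY services as possible), as an added example that is not part of the original messages. The rule dictionary format, object names and finding labels are assumptions made for illustration, not a FireWall-1 export format.

```python
# Added example. The rule dictionaries are a constructed format, not a
# FireWall-1 export; object and service names are made up.
ENCRYPT_ACTIONS = {"encrypt", "client encrypt"}

RULEBASE = [  # constructed sample rulebase
    {"num": 1, "src": "Any", "dst": "web-srv", "service": "http", "action": "accept"},
    {"num": 2, "src": "internal-net", "dst": "Any", "service": "Any", "action": "accept"},
    {"num": 3, "src": "branch-net", "dst": "hq-net", "service": "Any", "action": "encrypt"},
    {"num": 4, "src": "remote-users", "dst": "hq-net", "service": "pptp", "action": "client encrypt"},
    {"num": 5, "src": "Any", "dst": "Any", "service": "Any", "action": "drop"},
]

def is_encrypt(rule):
    return rule["action"].lower() in ENCRYPT_ACTIONS

def audit(rules):
    """Return (rule number, finding) pairs for the thread's recommendations."""
    findings = []
    plain_rule_seen = False
    for rule in rules:
        any_service = rule["service"].lower() == "any"
        if is_encrypt(rule):
            if any_service:
                # Chris: list the encrypted service explicitly (e.g. PPTP).
                findings.append((rule["num"], "encrypt-rule-uses-any-service"))
            if plain_rule_seen:
                # Chris: encryption rules belong at the top of the rulebase.
                findings.append((rule["num"], "encrypt-rule-not-at-top"))
        else:
            plain_rule_seen = True
            # Jarrett: keep ANY to a minimum; a final drop-all rule is exempt here.
            if any_service and rule["action"].lower() != "drop":
                findings.append((rule["num"], "any-service"))
    return findings

def proposed_order(rules):
    """Stable reorder for review: encryption rules first, the rest unchanged."""
    return [r for r in rules if is_encrypt(r)] + [r for r in rules if not is_encrypt(r)]

if __name__ == "__main__":
    for num, finding in audit(RULEBASE):
        print(f"rule {num}: {finding}")
    print("proposed order:", [r["num"] for r in proposed_order(RULEBASE)])
```

The proposed order is a starting point for manual review, since moving rules changes which rule a packet matches first.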