
RE: [FW1] any




I must be misunderstanding which rule he is talking about then...


-----Original Message-----
From: Juan Concepcion [mailto:[email protected]]
Sent: Tuesday, June 05, 2001 22:03
To: Goetz, Jarrett
Cc: 'Casey DeBerry'; firewall-1 mailing list
Subject: RE: [FW1] any


Jarrett,

In the case of, say, a client sitting behind a firewall talking to
another client sitting on the other side of that firewall, the IPSEC (IKE,
ESP, AH) are not covered by the ANY but have to be explicitly defined in
the rule to be allowed.  Also, if you are configuring this type of
communication, you have to configure it bi-directionally; in other words, you
need two rules.  One allows the client to talk to the resource and the
other allows the resource to talk back to the client.
--
Juan Concepcion
Network Security Consultant
CCSA/CCSE Certified
[email protected]

On 2001.06.03 14:04 "Goetz, Jarrett" wrote:
> I am not positive what you are asking, but if I am understanding you
> clearly, as long as your encryption rule is configured properly in terms
> of the action (i.e. client encrypt, encrypt, etc.) then yes, from what I
> understand those services would be "included" so to speak if you put ANY
> in the service column.
>
> Always keep in mind, ANY in your rulebase is not a good thing :), from a
> security perspective you're best off to strive to keep the amount of ANY's
> in your rulebase to a minimum.
>
> Jarrett
>
> -----Original Message-----
> From: Casey DeBerry [mailto:[email protected]]
> Sent: Friday, June 01, 2001 13:15
> To: firewall 1 mailing list
> Subject: [FW1] any
>
>
> Is ipsec encryption and all other modules (AH, ESP, IKE etc.) contained
> in "ANY" service?
>
> Thanks,
> Casey DeBerry
> [email protected]



 
----------------------------------

   All contents © 2004 Network Presence, LLC. All rights reserved.