
RE: [FW1] any



remote_domain ―>  local_domain ―> any ―> encrypt    works fine.

Scott J. Friedman, MCSE CCSE
Security Engineer
Ideal Technology Solutions, Inc
Email : [email protected]
Phone :

>>> Chris F <[email protected]> 06/05/01 02:44PM >>>

Hi,

In my experience, FW1 will not handle encrypted
packets correctly unless you explicitly list the
service (e.g. PPTP).

I would recommend explicitly listing any and all
encryption rules *and* have them at the TOP of your
rulebase. I also had some FW1 confusion with some
"Any" rules when I had encryption rules listed after
it. This is the only exception that I know of to "put
your most used rules first".

HTH -- Chris


--- "Goetz, Jarrett" <[email protected]> wrote:
> I am not positive what you are asking, but if I am
> understanding you
> clearly, as long as your encryption rule is
> configured properly in terms of
> the action (i.e. client encrypt, encrypt, etc.) then
> yes, from what I
> understand those services would be "included" so to
> speak if you put ANY in
> the service column.
> 
> Always keep in mind, ANY in your rulebase is not a
> good thing :), from a
> security perspective you're best off to strive to keep
> the amount of ANY's in
> your rulebase to a minimum.
> 
> Jarrett
> 
> -----Original Message-----
> From: Casey DeBerry [mailto:[email protected]] 
> Sent: Friday, June 01, 2001 13:15
> To: firewall-1 mailing list
> Subject: [FW1] any
> 
> 
> Is ipsec encryption and all other modules (AH, ESP,
> IKE etc.) contained
> in "ANY" service?
> 
> Thanks,
> Casey DeBerry
> [email protected] 
> 




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html 
================================================================================
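
The ordering advice in this thread, as an added example (not code from any poster or from Check Point): a small Python linter that checks an ordered rulebase for encrypt rules that are not at the top, that follow a non-encrypt "Any" service rule, or that do not list their services explicitly. The `Rule` fields, finding codes and sample rules are assumptions made for illustration and are not FireWall-1's own export format.

```python
from dataclasses import dataclass

ANY = "Any"
ENCRYPT_ACTIONS = {"encrypt", "client encrypt"}  # actions named in the thread

@dataclass(frozen=True)
class Rule:          # hypothetical, simplified rule record
    num: int
    src: str
    dst: str
    service: str
    action: str

def lint(rules):
    """Return (rule number, finding code) pairs in rulebase order."""
    findings = []
    first_plain = None   # first non-encrypt rule seen so far
    first_any = None     # first non-encrypt rule seen whose service is Any
    for r in rules:
        if r.action in ENCRYPT_ACTIONS:
            if r.service == ANY:
                findings.append((r.num, "ENC_SERVICE_NOT_EXPLICIT"))
            if first_plain is not None:
                findings.append((r.num, "ENC_NOT_AT_TOP"))
            if first_any is not None:
                findings.append((r.num, f"ENC_AFTER_ANY_RULE_{first_any}"))
            continue
        if first_plain is None:
            first_plain = r.num
        if r.service == ANY:
            if first_any is None:
                first_any = r.num
            if r.action == "accept":   # assumption: drop/Any cleanup rules are not flagged
                findings.append((r.num, "ACCEPT_ANY_SERVICE"))
    return findings

def encrypt_first(rules):
    """Stable reorder: encrypt rules to the top, relative order otherwise kept."""
    return sorted(rules, key=lambda r: r.action not in ENCRYPT_ACTIONS)

# Constructed sample rulebase; rule 3 mirrors the rule quoted in the thread.
SAMPLE = [
    Rule(1, "Any", "web_server", "http", "accept"),
    Rule(2, "local_domain", "Any", ANY, "accept"),
    Rule(3, "remote_domain", "local_domain", ANY, "encrypt"),
    Rule(4, "Any", "Any", ANY, "drop"),
]

if __name__ == "__main__":
    print("as written:   ", lint(SAMPLE))
    print("encrypt first:", lint(encrypt_first(SAMPLE)))
```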







 