
Re: [FW-1] [FW1] FW1 as a bridge



Gabriel,
I can appreciate the information coming from the source at simplegeeks.com, but the
truth of the matter is that a bridge is a layer 2 device, with special services and
processes that must be run in order to extrapolate layer 3 information necessary for
IP packet processing.  I think it serves to note that since the world expects the
same degree of functionality from Firewall-1 regardless of its host platform, then
it is a limitation that not every OS vendor implements bridging code.  As you state,
the bridging is a function of 3rd party code, and since CheckPoint has not seen fit
to reinvent the wheel by writing layer2 passthru code, I think Dan was correct in
his analysis.

I think we all can appreciate your depth of knowledge as you have expressed it, but
if you are simply looking to bash Firewall-1, then perhaps it is better done on
another mailing list other than a Firewall-1 users list.

For the sake of those trying to gain knowledge, and their lack of desire to follow a
flame-chain, please direct any hate mail back to me only.

Kindest Regards,
CryptoTech

Gabriel Rocha wrote:

> ,----[ On Thu, Sep 27, at 02:40PM, Dan Hitchcock wrote: ]--------------
> | FW1, unfortunately, does not work in bridge mode.  Some appliance-based
> | firewalls support this functionality, but FW1 depends on an IP address being
> | bound to each adapter used for traffic control.  This is more a limitation
> | of the underlying operating system than a limitation of FW1.
> `----[ End Quote ]---------------------------
>
> Not trying to be picky here, well, not too picky anyway. FW1, to my
> knowledge runs on Linux and Solaris (yes other OS's too, but anyone who
> runs it under Win2k is on crack anyhow and HPUX is simply not in style,
> AIX doesn't count) both of which support bridging with other firewalls,
> now, how does that leave room for a limitation of the OS? IPF runs on
> Linux and on Solaris in bridging mode, Linux has iptables and ipchains,
> both of which do bridging packet filtering. Oh just remembered IPSO,
> FW-1 for Nokia (which is just an x86 with a proprietary board so they
> can charge more) IPSO is nothing more than FreeBSD 2.x with some tweaks,
> FreeBSD does bridging just fine. We could at least recognize the
> shortcomings of the software we use, for it certainly is not a
> shortcoming of the OS. (if you use Win2k, YMMV) --Gabe
>
> --
>
> "It's not brave if you're not scared."
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================





 
   All contents © 2004 Network Presence, LLC. All rights reserved.