Re: [FW-1] Domain objects
Hi Eric,

The reason I found that domain objects are a very bad idea is because if the object for some reason or other is no longer resolvable, your firewall will no longer compile. The last thing you want to happen is your firewall stopping over such a simple silly thing.

What I do to get around this is I do a domain lookup myself on the address and then add the results to my rulebase. This works fairly well unless you are adding an object for a company that frequently changes its published external addresses. Generally it doesn't happen too often, but it is definitely a trade-off on how secure and how manageable you want your firewall to be.

Thanks
Kimberly

-----Original Message-----
From: Roelandts, Guy [mailto:[email protected]]
Sent: Friday, October 12, 2001 2:31 AM
To: [email protected]
Subject: Re: [FW-1] Domain objects

Eric,

In all the documents I have read till now, in each CP training that I attended ... I hear the same message, don't use Domain objects, maybe you can avoid using that domain object by defining a network range, as a domain most of the time uses a specific subnet ... just an idea ??

Kind regards

Guy ROELANDTS
EMEA GS Internet Expertise Centre - CCSA & CCSE
Compaq Software Engineer - Belgium
E-mail : [email protected]
Tel: +32(02)729.77.44 (options 3 - 3 - 1)
Fax: +32(02)729.77.65

=====================================================================
This message may contain confidential and/or proprietary information, and is intended only for the person/entity to whom it was originally addressed. The content of this message may contain private views and opinions which do not constitute a formal disclosure or commitment unless specifically stated. Should you receive this message by mistake please inform the sender immediately.
=====================================================================

-----Original Message-----
From: Eric I. Davis [mailto:[email protected]]
Sent: Friday, October 12, 2001 1:40 AM
To: [email protected]
Subject: [FW-1] Domain objects

I have defined a domain object to allow only computers from a certain domain to come through the firewall as such .blah.da.ca.uu.net

The firewall seems to ignore the object. I have seen a lot of docs say that the domain objects don't work very well because of the way reverse DNS functions.

Any comments or help would be appreciated.

--
Eric I. Davis
NARAC
Lawrence Livermore National Lab
TelFaxprivate email [email protected]

================================================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
================================================================================
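
Added example, not part of the original thread and not Check Point code: a sketch of the "look the name up yourself and pin the addresses in the rulebase" workaround described above, with a check that reports when the pinned addresses have drifted from DNS and that treats a failed lookup as a finding rather than an error. The host names, addresses and the `check_drift` helper are constructed for illustration.

```python
import socket

def resolve_ipv4(name):
    """Forward-resolve a host name to a set of IPv4 address strings."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def check_drift(pinned, resolver=resolve_ipv4):
    """Compare pinned rulebase addresses against current DNS answers.

    pinned maps host name -> set of IPv4 strings already in the rulebase.
    Returns host name -> dict with 'status', 'add' and 'remove'.
    A failed lookup is reported and the pinned addresses are left alone,
    so an unresolvable name never blocks a policy install.
    """
    report = {}
    for name, known in pinned.items():
        try:
            current = set(resolver(name))
        except OSError:  # socket.gaierror is a subclass of OSError
            report[name] = {"status": "unresolvable", "add": [], "remove": []}
            continue
        add = sorted(current - known)      # in DNS, missing from the rulebase
        remove = sorted(known - current)   # in the rulebase, gone from DNS
        status = "drift" if add or remove else "ok"
        report[name] = {"status": status, "add": add, "remove": remove}
    return report

# Constructed sample data (documentation address ranges, hypothetical names).
SAMPLE_PINNED = {
    "www.partner.example": {"192.0.2.10", "192.0.2.11"},
    "mail.partner.example": {"198.51.100.25"},
    "old.partner.example": {"203.0.113.7"},
}
SAMPLE_DNS = {
    "www.partner.example": {"192.0.2.10", "192.0.2.12"},
    "mail.partner.example": {"198.51.100.25"},
}

def sample_resolver(name):
    """Offline stand-in for DNS so the example runs without a network."""
    if name not in SAMPLE_DNS:
        raise socket.gaierror("name not known")
    return SAMPLE_DNS[name]

if __name__ == "__main__":
    for host, result in check_drift(SAMPLE_PINNED, sample_resolver).items():
        print(host, result)
```

Run on a schedule with the default resolver, the report gives the administrator a list of rulebase changes to review instead of a silent mismatch.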