
Re: [FW-1] FW-1 Rulebase



Required in all firewalls should be

any any any drop long (last rule in rulebase)
any any NBT/rip drop nolog (first in rulebase)

after any IKE rules, put
any <FW1 Gateway Object> any drop long (stealth rule)

everything else is dependent on your configuration....

Scott J. Friedman, MCSE CCSE CCNA
Security & Cisco Routing Engineer
LDMI / Ideal Technology Solutions, U.S.
Email : [email protected]
Phone :www.itsusnow.com
www.ldmi.com

>>> [email protected] 03/04/02 01:34PM >>>
Hi Everybody,

I have just taken ownership of maintaining the rulebase for FW-1. I will be embarking on the task of downsizing our rulebase into a manageable number of rules. I need some guidelines and direction in making my rulebase simple and secure. Based on your experience, what do you think is a must-have RULE implemented in FW-1 or any other firewall (i.e. lockdown, Drop All and Log, etc.)? Any other advice you can give me in maintaining my rulebase and securing my firewall would be greatly appreciated.

Thanks,
Jonathan


=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
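
The rule placement described in the reply above, written as an ordering check. This is an added example, not part of the original thread or of any Check Point tool; the `Rule` tuple layout and the object names (`fw1-gw`, `peer-gw`, `lan`) are assumptions made for illustration.

```python
# Rule layout and the object names below are assumptions made for this example;
# this is not a Check Point export format.
from collections import namedtuple

Rule = namedtuple("Rule", "src dst service action track")
NOISE = {"NBT", "rip"}  # services named in the reply's first rule

def audit(rules, gateway):
    """Return a list of findings; an empty list means all placements hold."""
    if not rules:
        return ["rulebase is empty"]
    findings, first, last = [], rules[0], rules[-1]
    # First rule: drop NBT/rip from anywhere, without logging.
    if not (first.src == first.dst == "any" and set(first.service) == NOISE
            and first.action == "drop" and first.track == "nolog"):
        findings.append("rule 1 is not the unlogged NBT/rip drop")
    # Last rule: drop everything and log it.
    if not (last.src == last.dst == "any" and last.service == ("any",)
            and last.action == "drop" and last.track == "long"):
        findings.append("last rule is not any/any/any drop with long logging")
    # Stealth rule: any -> gateway, any service, drop, logged.
    stealth = [i for i, r in enumerate(rules)
               if r.src == "any" and r.dst == gateway and r.service == ("any",)
               and r.action == "drop" and r.track == "long"]
    if not stealth:
        return findings + ["no stealth rule for " + gateway]
    # Rules match top-down, so an accept to the gateway placed below the
    # stealth rule can never match; this is why the IKE rules go first.
    for i, r in enumerate(rules[stealth[0] + 1:], start=stealth[0] + 2):
        if r.dst == gateway and r.action == "accept":
            findings.append("rule %d (%s to gateway) is below the stealth rule"
                            % (i, "/".join(r.service)))
    return findings

# Constructed sample rulebases, in the order the reply recommends and out of order.
GOOD = [
    Rule("any", "any", ("NBT", "rip"), "drop", "nolog"),
    Rule("peer-gw", "fw1-gw", ("IKE",), "accept", "long"),
    Rule("any", "fw1-gw", ("any",), "drop", "long"),
    Rule("lan", "any", ("http",), "accept", "long"),
    Rule("any", "any", ("any",), "drop", "long"),
]
BAD = [GOOD[0], GOOD[2], GOOD[1], GOOD[3]]  # IKE below stealth, no cleanup rule

if __name__ == "__main__":
    for name, rb in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(rb, "fw1-gw") or "ok")
```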

   All contents © 2004 Network Presence, LLC. All rights reserved.