[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Licensing
Yim Lee wrote: > > Don, > > What happens if you have a sandswitch environment > (internet <--> fw1 <--> dmz <--> fw2 <--> private)? > > Do you need unlimited licenses for both firewalls if > you have a small dmz? Can you have a 100 user license > for fw1 and an unlimited for fw2? I believe you need to have unlimited for both. This is one of the ways expensive licensing, and Checkpoint in particular, discourages good security. The licensing encourages configurations like, Internet --- FW --- Protected Net | | External Services (Often called a "DMZ" even though it isn't.) Rather than the traditional and more secure, Internet --- FW --- DMZ --- FW --- Protected Net Configuration you proposed. (Luckily, the outer firewall often need not be a particularly complex one. You can often get by with a router with good ACLs. But it all depends on what's in the DMZ and your local policy.) Defense in depth. Layered defense. -- Crist J. Clark [email protected] Globalstar CommunicationsThe information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact [email protected] ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|