
Re: [FW-1] too many ip address



The less granular you make your rules, the less overhead your fw will
require, but you are trading off its security by doing so.

To answer your question, a way to limit your work in defining these hosts
would be to define networks which include them.  I would strongly recommend
_against_ doing that as it's very poor fw practice.

By defining each of these IPs as its own workstation, you will increase the
amount of time it will require to compile the policy (mailing list, please
correct me if I am mistaken here), and each rule you add will add to the
amount of time for checking rules.  Of course the entire point of the
firewall is to allow you to have near omnipotent control over the traffic
that traverses your network, so take advantage of that ability.

HTH,
Alex

-----Original Message-----
From: liu [mailto:[email protected]]
Sent: Wednesday, May 22, 2002 11:28 PM
To: [email protected]
Subject: [FW-1] too many ip address


Hello

I am setting up a rule base for Checkpoint 4.1 on Nokia platform. Now I meet
a problem that I get a lot of IP addresses to be set. Here are some examples.

        Allow from 61.206.32.210
        Allow from 61.206.32.211
        Allow from 210.134.83.49
        Allow from 210.134.83.50
        Allow from 210.134.83.51
        Allow from 210.134.83.62
        Allow from 210.146.60.197
        Allow from 210.146.60.198
        Allow from 210.146.60.199
        Allow from 210.146.60.204
        Allow from 210.146.60.205
        Allow from 210.146.60.206
        Allow from 210.146.60.207
        Allow from 210.146.60.208
        Allow from 210.146.60.209
        Allow from 210.146.60.210
        Allow from 210.151.9.173
        Allow from 210.151.9.174
        Allow from 210.151.9.175
        Allow from 210.151.9.179
        Allow from 210.151.9.180
        Allow from 210.169.193.224
        Allow from 210.169.193.225
        Allow from 210.169.193.230
        Allow from 210.169.193.231
        Allow from 211.8.49.161
        Allow from 211.8.49.162
        Allow from 211.8.49.163
        Allow from 211.8.49.164
        Allow from 211.8.49.165
        Allow from 211.8.49.166
        Allow from 211.8.159.129
        Allow from 211.8.159.130
        Allow from 211.8.159.131
        Allow from 211.8.159.132
        Allow from 211.8.159.133
        Allow from 211.8.159.134
        Allow from 211.8.159.135
        Allow from 211.8.159.136
        Allow from 211.8.159.185
        Allow from 211.8.159.186
        Allow from 211.8.159.187
        Allow from 211.8.159.188
        Allow from 211.127.183.50
        Allow from 211.127.183.51
        Allow from 211.127.183.52
        Allow from 211.127.183.53
        Allow from 210.151.9.50
        Allow from 210.151.9.137

You see, some of them are consecutive and some are not.
Those listed above are only a part of them; creating workstations (objects)
for all the IPs (about 400) is really hard work and is difficult to
maintain in the future. Does anyone know whether there is a better way
to avoid this?

And will this have some effect on the running speed of the Firewall module?

Thanks in advance!

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
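
An added example (not written by either poster) that puts numbers on the trade-off discussed in the reply, using a subset of the addresses quoted in the original message: exact groupings admit nothing extra, while covering networks also admit addresses nobody listed. The function names are hypothetical, and whether a given firewall release can express ranges or arbitrary CIDR blocks as objects is not addressed here.

```python
import ipaddress

# Subset of the source addresses quoted in the original message on this page.
ALLOWED = [ipaddress.ip_address(a) for a in """
61.206.32.210 61.206.32.211
210.134.83.49 210.134.83.50 210.134.83.51 210.134.83.62
211.8.159.129 211.8.159.130 211.8.159.131 211.8.159.132
211.8.159.133 211.8.159.134 211.8.159.135 211.8.159.136
211.8.159.185 211.8.159.186 211.8.159.187 211.8.159.188
""".split()]


def exact_ranges(hosts):
    """Merge consecutive addresses into (first, last) ranges; admits nothing extra."""
    ranges = []
    for ip in sorted(set(hosts)):
        if ranges and int(ip) == int(ranges[-1][1]) + 1:
            ranges[-1] = (ranges[-1][0], ip)   # extend the current run
        else:
            ranges.append((ip, ip))            # start a new run
    return ranges


def exact_cidrs(hosts):
    """Smallest set of CIDR blocks that covers exactly the listed hosts."""
    nets = (ipaddress.ip_network(f"{ip}/32") for ip in set(hosts))
    return list(ipaddress.collapse_addresses(nets))


def covering(hosts, prefix):
    """Round each host up to a /prefix network.

    Returns (networks, count of unlisted addresses the networks also admit).
    """
    nets = {ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in hosts}
    extra = sum(n.num_addresses for n in nets) - len(set(hosts))
    return sorted(nets), extra


if __name__ == "__main__":
    print(f"{len(ALLOWED)} host objects")
    print(f"{len(exact_ranges(ALLOWED))} exact ranges, "
          f"{len(exact_cidrs(ALLOWED))} exact CIDR blocks")
    for prefix in (28, 24):
        nets, extra = covering(ALLOWED, prefix)
        print(f"/{prefix}: {len(nets)} network objects, "
              f"{extra} unlisted addresses also allowed")
```
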




 
   All contents © 2004 Network Presence, LLC. All rights reserved.