[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] External interfaces
Greetings! Riccardo Baldanzi (Hawk) wrote: [...] but i cannot set anti-spoofing details on interfaces because all are external ony (all the other flags are greyed out)
As you did not define any IP ranges/nets for other (physical) networks - calculation left as practice for the student. ;-)
Some examples in table form: location sec. comm. checkpoint ----------------------------------------------- LAN internal internal WWW/Internet EXternal EXternal DMZ EXternal internal Dial-In DMZ EXternal internal partner net EXternal internal Licensing implications are more clear with CKPs diction. Even if a partner's network is protected by the partner's CKP, you'll have to license your machine to cover those networks, too. Before it was a matter of interpretation (CKP or Sec.Comm.) which license you need. From a cautious (i.e. paranoid) view the CKP interpretation puts too much trust into probably unsafe segments by even calling them internal. Bye Volker Tanger IT-Security Consulting -- discon gmbh Wrangelstraße 100 D-10997 Berlin Telefon (030) 6104-3307 Telefax (030) 6104-3461 [email protected] http://www.discon.de/ ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|