On Fri, Mar 01, 2002 at 01:57:52PM -0500, zerokey wrote:
block in log all
pass out all
pass in on fxp0 proto icmp from any to any
pass in on fxp0 proto tcp from any to any port = 53
pass in on fxp0 proto udp from any to any port = 53
pass in on fxp0 proto tcp from cc.cc.cc.cc to any
I prefer SonicWALL over Netscreen, SonicWALL is a little more expensive, but
the GUI interface and the remote capability for managing multiple SonicWALLs
abroad using SonicWALL's Global management Software make it a breeze to
manage, update patches, update virus definitions, and setting up VPN
Thanks
Pico
Netscreen is quite simple firewall, it is more or less Network device not an intelligent firewall... If you need for the soho the mid-range firewalls are almost same in its performance. Netscreen's Performance should be examined in the real network, as it shows quite different performance. All of their
I think the reason many like the netscreen's is the quality of the
products as of late, and more importantly speed. Many of the
vulnerabilities that have plagued other firewall manufacturers..
The best thing, is they try to go towards what the market desires,
without sacrificing security. Such
don't dork around - block all the ranges of addys you've seen and add
more on the choke router - internet facing interfaces - inbound.
send him ip redirects if you can to see if you can knock down his
connections.
he is a piss ant. let your firewall deal with traffic that at least
looks like
irado,
go find out what havoc you can play with source-routing then ask the
same d^%$ question.
or better yet send me a traceroute of the router interfaces in your
domain and i will show a really good demo of why not to allow this.
piranha..
every other paper and/or recipe for
no...
On 14 Feb 2002, at 9:03, [EMAIL PROTECTED] wrote:
the problem in the switch OS (problem of configuration, new
vulnerability on switch OS, ...)
= DMZ without security !!
(Excuse my English)
Maybe your questions are:
1. If I use a switch in my DMZ, is it okay to allow external
Netscreen's Performance should be examined in the
real network, as it shows quite different
performance.
What do you mean by this? do you mean it's slower or
faster (yea right) than what they (being netscreen)
say?
--- Pico GOH [EMAIL PROTECTED] wrote:
Netscreen is quite simple firewall, it