unsubscribe [EMAIL PROTECTED]
Firewall-1 listens to a series of management ports
on all interfaces if the "Accept VPN-1 Firewall " implied rule
under Security Policy is checked. Bombarding the management ports with
malformed / oversized packets could cause old (2.1) FW-1 to hang hard - a
DoS. I don't know if they
I guess if it doesn't have a point and click interface you wanna be
engineers don't like it! There is nothing wrong with the PIX firewall.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 05, 2002 10:20 AM
To: [EMAIL PROTECTED]
Subject: Firewalls
Hi,
We are running Gauntlet 5.5 on Win NT 4.0 SP5+hotfixes coming out of
our ears. I am at present having issues setting up static NAT.
Dynamic NAT runs 100%. The static rule we are using is local IP:
192.168.x.151, global IP: x.x.x.105, with the global interface set to
external (untrusted).
agreed...
-Original Message-
From: John Maestrale [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 05, 2002 7:26 AM
To: '[EMAIL PROTECTED]'
Subject: Why netscreen instead of say sonicwall
I guess if it doesn't have a point and click interface you wanna be
engineers don't like it! There
Thiago,
264 is used for the BGMP
Description:
Protocol suite: TCP/IP.
Type: Application layer protocol.
Port: 264 (TCP).
bgmp, Border Gateway Multicast Protocol.
Hi All,
I have the following problem with the Netscreen VPN access and cannot find any
answers in the knowledge base. Local distributor cannot help either.
Internet
|
|
Cisco 805
|
|
Netscreen 5xp
|
I like the old fashioned style of point and click . . .
Point at the keyboard and hear those keys click!!!
-Original Message-
From: Hudson Delbert J Contr 61 CS/SCBN
[mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 05, 2002 11:35 AM
To: 'John Maestrale'; '[EMAIL PROTECTED]'
Subject: RE:
I have an external web server accessible via HTTPS
only that I want to require user authentication for
via RADIUS. When I try to install the policy I get
the following error:
User authentication is not yet available for service
HTTPS
If I switch to just using HTTP, everything works fine and
On 5 Mar 2002, at 10:25, John Maestrale wrote:
I guess if it doesn't have a point and click interface you wanna be
engineers don't like it! There is nothing wrong with the PIX firewall.
-Original Message-
32K of unedited list digest snipped
The ways in which the netscreen and
On 5 Mar 2002, at 9:35, Hudson Delbert J Contr 61 CS/SCBN wrote:
agreed...
-Original Message-
This is, I think, a new low in signal-to-noise, even for this list:
33K of quoted material to add a single word and nearly NO information
at all
DG
OK, a couple of quick points...
1. Gauntlet 5.5 on NT is unstable and weird. Try reinstalling the
product from scratch - it may well start working as you expect. No, I am
not joking.
2. The idea about Gauntlet is that you _don't_ use NAT. It's a proxy
firewall. Have a good long think about your
I will comment concerning the original request.
I used to recommend Sonicwalls and they normally functioned fine for general
firewalling in small shops. At that time there were no other appliances for
that market, at least that I knew of. My first issue with them was that
when we were going to
2. ok problem here. Gauntlet NT (and only NT) can't
bind proxies to ips. This really hoses the whole proxy
formula i think :).
--- Ben Nagy [EMAIL PROTECTED] wrote:
OK, a couple of quick points...
1. Gauntlet 5.5 on NT is unstable and weird. Try
reinstalling the
product from scratch -
Leaving aside the fact that 5.5NT is unsupported and a version old, I
never had any problems getting basic proxy operation to work. Are you
talking about binding to IP addresses that aren't the same as the
external NIC of the box?
If so, I really distantly recall that it might be a (lack of) arp
No, I'm talking about binding a proxy (let's take
http-gw) to just the internal IP address, so that you
can bind other proxies (that will act differently) on
the outside interface (port 80/443 as an example
again).
But like you said, it's old and unsupported.
--- Ben Nagy [EMAIL PROTECTED] wrote:
I am interested in hearing from people who have
implemented user based AAA for internal access to a
secure data center or similar deployment. I've listed
the methods I am familiar with:
1) Dynamic ACLs (Cisco Lock-and-key, Checkpoint
client/session auth). Basically a one-time user