So is netscreen a firewall? I would call it a packet
filter/vpn.
It uses custom ASICs..
acs
--- Ben Nagy [EMAIL PROTECTED] wrote:
I think a better definition is that a hardware
based firewall would need
to run dedicated ASICs (or whatever) for all
firewall functions.
Anything that uses
featured
application layer firewalls be running on hardware
like this.
acs
--- Ben Nagy [EMAIL PROTECTED] wrote:
Well, ignoring the ASIC confusion question - does it
run any code in RAM?
I'm more than happy to eat my words about there
being no hardware firewalls
if it doesn't...
To elaborate
for the bad
guy to exploit and he can't (very difficult) put his
own on the machine.
acs
--- Ben Nagy [EMAIL PROTECTED] wrote:
Heh - that was why I said that I don't think it's a
practical idea. I can't
see that it's possible. ALGs need to write stuff
off
to disk to work
properly, and the memory
For a firewall the best choice is OpenBSD.
Security is OpenBSD's reason for existence.
Security is not easy. The difference in ease of
configuration between the two is not that great.
Try them both. See which you like.
acs
--- Thorsten [EMAIL PROTECTED] wrote:
We are discussing to use
Does checkpoint support bridge mode (transparent)
interface configuration on any of the platforms that
it runs on?
Alcatel has a switch that looks like it may.
TIA
The brick is pre hardened.
It is a brick!
--- Shoney Joy [EMAIL PROTECTED] wrote:
Hi people,
Can you please tell me where I can find out
vulnerabilities of Lucent Brick
Firewall 201. I would like to harden the same before
putting on the
production network..
Thanks in Advance
Don't those things have wizards!
The non tech types here love the wizards and think the
netscreens are too complicated!
I will take the netscreen..
--- nagesh [EMAIL PROTECTED] wrote:
HI All,
Can anybody let me know how to enable the firewall
stuff like Packet
Filtering, Masquerading etc
application layer firewall that has
all this? Surprisingly the FW I am migrating from
(UUNET interlock) has all of them but is at the end of
life. BTW gauntlet and raptor logging sucks compared
to interlock.
TIA
acs
I am looking at the radware also.
Radware does L2-7
Cisco does L4-7
acs
--- [EMAIL PROTECTED] wrote:
Does anyone care to share opinions about Radware's
FireProof switches
versus the CSS 11000 line available from Cisco?
TIA!
Chris
Chris Hastings, CCSA, CCSE
Brainbench MVP
machines.
The guis just implement the commands that would be
used on the command line. The command line can do
everything the gui can plus more. You can update the
software, ping, traceroute and snoop.
acs
--- Paul Murphy [EMAIL PROTECTED] wrote:
Can anyone tell me where the security
they will put it on their list of desired features.
acs
--- Paul Murphy [EMAIL PROTECTED] wrote:
Right, you can save the config somewhere else cool.
Is there any way to do automatic backups?
Is the snoop like Unix snoop?
Do you know if you can tunnel the web interface
through SSH
I don't think the transparent mode on sonicwall is true
layer 2 bridging. I think it is just not pingable.
acs
--- [EMAIL PROTECTED] wrote:
According to the desires you listed, I think that
SonicWall internet
Appliances might suit your needs. I haven't used the
HA portion, but I
know
All the filtering capabilities are available in
transparent mode.
The ability to do transparent sets netscreen apart
from most firewalls / appliances.
acs
--- Paul Murphy [EMAIL PROTECTED] wrote:
Does anyone know if a Netscreen in transparent mode
still enforces all parts of the security
That is not good, I would like to hear more. We are
evaluating them.
acs
--- Paul Murphy [EMAIL PROTECTED] wrote:
Yep... which is an excellent feature. Except in a
private response I have been told that state sync in
an HA configuration doesn't work in transparent
mode.
Paul
another layer 2 firewall, based on OpenBSD
http://www.mfilter.net/
acs
--- Paul Murphy [EMAIL PROTECTED] wrote:
Yep... which is an excellent feature. Except in a
private response I have been told that state sync in
an HA configuration doesn't work in transparent
mode.
Paul.
acs
Anybody have experience with radware or foundry's
firewall load balancers?
I need something that works with an existing old
application layer firewall.
Foundry has a solution that looks like it is for
packet filtering firewalls.
Does cisco have something equivalent/better?
TIA
Is this a true stateful filter or some cisco
abomination?
--- Richard Pitcock [EMAIL PROTECTED]
wrote:
Using established with the permit command in an
access list will filter TCP
packets based on whether the ACK or RST bits are
set. It will only work with
TCP.
Reflexive access lists,
I have not messed with the netopia but I would be
surprised if the netopia and netscreen have the same
code.
The netscreen is better than the sonicwall in many
ways.
acs
--- Vincent Power [EMAIL PROTECTED] wrote:
I'm looking at equipment to put in branch offices
and home offices.
All
IPfilter on OpenBSD in bridged mode is a good option.
If you want to spend money the sunscreen or netscreen
are good (both can do true layer 2 bridging).
Going with a real packet filter is always a good idea!
acs
--- Paul D. Robertson [EMAIL PROTECTED] wrote:
On Mon, 23 Apr 2001, JR Ponce
Anybody have any ideas on dealing with (controlling /
preventing) all these http tunnels?
Is there a http proxy smart enough to block this or is
it hopeless?
Traffic analysis may help, but any time soon?
Are we all on the verge of becoming obsolete?
TIA
acs
We have wrestled with this problem also.
We have deployed black ice and I find it of no use.
We also use the linksys $100 thing and it is not very
useful either (although you can get ipsec client
tunnels out).
What we have found works the best is netscreen 5 and
either nortel ipsec or
I have evaluated all of them and can say that the
netscreen is more versatile.
The transparent mode (true layer 2) and the multiple
admin methods make it very powerful. It is also very
fast.
acs
--- [EMAIL PROTECTED] wrote:
Well I don't know too much about the other products
but you can get
. Port 80 is a risk. Admin login left
open is a risk. B's people having admin on A's
machine is a risk.
Sounds like a nightmare, unless of course A trusts B,
or I have missed something.
acs
--- Brian Steele [EMAIL PROTECTED] wrote:
Not really a firewall issue - more of a secur
mmm yeah but checkpoint claims to do more..
Gauntlet has real proxies and packet filtering.
acs
--- Bill Royds [EMAIL PROTECTED] wrote:
A packet filter looks only at the IP and TCP/UDP
headers (it may assemble the stream for TCP) but not
at the contents of the packet.
An Application
I am having a problem with my spf 200 PFs.
The admin interface occasionally goes down, not
allowing communication, i.e. log checks and
configuration changes. On the console, it shows that
it is up, even when it isn't working. An "ifconfig
hme0 down" then "up" clears the problem.
Sun has come
NAT
and proxies...
acs
___
Aaron C. Springer
[EMAIL PROTECTED]
pgp key published
___
Yes, thank you for the suggestion we have socks
servers but, I don't really want to use SOCKS unless I
have to. I can't tell the unix users to compile their
own socks client. Plus, I don't run the SOCKS servers
and the SOCKS guy does not support the NEC socks UNIX
client... HUGE network..
acs
I run the firewalls for a huge network... we have more
and more need for outbound ssh. We are using plugs
for each user or subnet to each destination.. This
can't scale for long..
I am trying to find the best way to let the traffic
out but retain some control. A bastion host that the
users
Anybody had the displeasure to mess with ANS (now
UUNET) interlock?
I have inherited a few and they look like junk..
Any pointers to tools/info to use this beast? A tool
to convert the binary rule file to ascii and back
would be great, just changing an IP is a nightmare
with this thing.. I
is not needed Nortel
contivity works well.. and can be configured to allow
split
session tunnels along with a client policy that will
shut down the tunnel if certain traffic on the client
is detected. Infoexpress is another option..
acs
Does anyone have any opinions/experience as to which of these two firewall
solutions works best? Working in a company with about 500 users and needs a
solution that will provide VPN access as well. They are also starting to do a
lot of "e-business" (thus the need for the new firewall) so they want
, December 28, 1999 4:45 PM
To: ACS; [EMAIL PROTECTED]
Subject: RE: Firewall solution
I would suggest Check Point's FireWall-1 on a Nokia
platform. It is easy to
configure, simple to use and a breeze to install, plus it
provides
I am a consultant on site with a client who is looking to implement a good
firewall solution. At the current time, they are just running MS Proxy
Server 2.0 which gives them NAT and internet access but no real security. I
have never really worked much with security, but would like to assist
Good afternoon,
We have recently purchased a PIX/Private Eye solution to use as a firewall.
My background in net security is minimal and I have been looking for some
formal training on this equipment and concepts. It appears as though the
only thing that Cisco offers is the Managing Cisco
34 matches