SonicWall supports IKE key exchanges via Diffie-Hellman group 1, quick, main
and aggressive modes. The shared secret is used to encrypt the symmetric
key for secure transmission. This symmetric key is then used to encrypt the
traffic to be exchanged.
cheers-byron
- Original Message
Good paper on Diffie-Hellman key exchanges:
http://www.sans.org/infosecFAQ/encryption/diffie.htm
Info on IKE:
http://www.sans.org/infosecFAQ/encryption/ipsecs_role.htm
http://www.faqs.org/rfcs/rfc2409.html
- Original Message -
From: simon chan [EMAIL PROTECTED]
To: Byron [EMAIL
solutions from $500 to upwards of $150,000+.
Byron
- Original Message -
From: Rodel P Hipolito [EMAIL PROTECTED]
To: 'Firewalls [EMAIL PROTECTED]
Sent: Tuesday, January 22, 2002 1:06 PM
Subject: Win2kAdvance Server
Hi Guys,
Does windows 2k advanced server have a built in firewall
i like that, master controller server :-)
- Original Message -
From: Bill Royds [EMAIL PROTECTED]
To: Timothy K. Cornelius [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, January 22, 2002 3:35 PM
Subject: RE: VPN issue
What is the OS of your home system?
If it is earlier than Win2K
Sure i would - properly administered and secured. i do it all the time.
Kicks butt. So do properly patched and secured linux systems including the
latest Security Advisory - RHSA-2002:007-16, oww yeah and what about ftpd
and ssh Q4 2001. All systems have issues.
I've read them all and
for any advice.
regards,byron
with the training partner,
can provide a perspective that Cisco may not have, nor be at liberty to
offer.
I'm primarily interested in content, and didn't mention certification.
later,Byron
-Original Message-
From: J Weismann [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 08, 2000 11:46 AM
here. I've never used it - sounds like a proxy of
sort.
cheers.byron
-Original Message-
From: Matt Richoux [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 13, 2000 7:10 AM
To: 'Byron Kennedy'
Cc: '[EMAIL PROTECTED]'
Subject: RE: LinkSys 4-Port Router
Yes, I have gotten it to work
We've got a couple netscreen firewalls we're interested in monitoring and
presenting output in html (like the web trends product). Does anyone know
if there's a snmp mib for the netscreen firewall that we could use with
MRTG. Anyone doing this out there?
tia
Byron Kennedy
Network
for the 5. Here is a great benchmark review of higher end VPN firewalls
including the 100a. (in case you missed the big link on their site):
http://www.commweb.com/article/COM2912S0009
good luck,Byron
-Original Message-
From: Andrew Lawrence [mailto:[EMAIL PROTECTED]]
Sent: Monday
well written
-Original Message-
From: Dave Mikulka [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 26, 2001 9:46 AM
To: [EMAIL PROTECTED]
Subject: Microsoft.com DoS attack.
During the morning of January 25, Microsoft was the target of a
denial-of-service attack against the routers
Here's a great general ref. doesn't get too vendor specific though.
http://www.oreilly.com/catalog/fire2/
cheers.byron
-Original Message-
From: Mark Jones [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 21, 2001 3:19 PM
To: [EMAIL PROTECTED]
Subject: Where
You didn't mention your current environment but i highly recommend MS Exchange 2000.
I don't have time to sell you on the features, but check out http://www.Microsoft.com/exchange
It does support ldap and most other popular internet access protocols.
Good luck! Byron
-Original
i would pose this question to the unsuspecting C G VAR channel respectively
-Original Message-
From: Pop [mailto:[EMAIL PROTECTED]]
Sent: Sunday, March 11, 2001 2:05 PM
To: [EMAIL PROTECTED]
Subject: Re: We talk of MONEY $$$
HEY
I have got request for price
controller? in my little mind, that would dictate the transport and upper
layer protocols required to communicate between the hosts.
Byron
-Original Message-
From: Sonny Lee [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 23, 2001 11:29 AM
To: [EMAIL PROTECTED]
Subject: NetBEUI between DMZ
mrtg might help
-Original Message-
From: bob bobing [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 27, 2001 11:07 AM
To: [EMAIL PROTECTED]
Subject: PIX Load
Can someone please tell me how to find out what the
load on a PIX is? At what point do i say, ok this pix
isn't cutting it
my thoughts,
dns: both ways, if it's hosting a public domain
smtp: "out" to send mail to other smtp servers, "in" to receive mail from
other smtp servers. my guess is that you just need to send from your web
server, but if you need to store and forward for a domain you'll need inbound as
which is best is relative. they all provide similar services, applied in
different ways and each have their strengths. I've messed with most of them
and think the Netscreen stands out in terms of VPN performance. Your needs
analysis should help you prioritize features and guide you in choosing
they can be. I've worked with routers that range in price from $75 to
$75,000. depends on what you're doing, what your needs are. As many of us
have mentioned, quantifying your needs will help dictate a solution.
byron
-Original Message-
From: Zachary Uram [mailto:[EMAIL PROTECTED
Need to Multi-home a network and just curious how others are dealing with
this issue out there.
Background:
E-commerce client (50 node) has one line-of-sight laser internet
connection now at 1.5 MB (I think) w/ Cisco router. Because this technology
can be a little temperamental the client
.
Thanks again for the pointers!
cheers.Byron
-Original Message-
From: Laris Benkis [mailto:[EMAIL PROTECTED]]
Sent: Sunday, July 08, 2001 3:30 PM
To: [EMAIL PROTECTED]; Byron Kennedy
Subject: RE: Multi-homed Internet connection
Byron,
As black says, you should solve it at the router
Hi Henrik,
In the rules/policy section: try defining your internal address block (i.e.
trusted LAN) in the address book and using that as opposed to inside
any. I've had trouble with this in some OS versions.
byron
-Original Message-
From: Henrik Grankvist [mailto:[EMAIL PROTECTED
Title: WINS with PIX
WINS is Microsoft's implementation of the NetBIOS name-server rfc. assuming your
vpn allows all netbios ports, just point all clients to your wins server.
confirm functionality by:
1. ping by netbios name
2. net view \\wins_server (netbios)
if your authenticated #2
Hi Devon,
don't set the system ip address to be on the public/untrusted interface.
Routing will be easier the way you have it.
The reason you can't connect from the untrusted network to the trusted
interface is because you have a firewall policy that is preventing you (no
mip) - and that is a
with appliance/network firewalls on the vpn endpoints.
Byron
- Original Message -
From: Alvin Oga [EMAIL PROTECTED]
To: Rick Lim [EMAIL PROTECTED]
Cc: firewalls@Lists.GNAC.NET [EMAIL PROTECTED]
Sent: Tuesday, September 25, 2001 3:58 PM
Subject: Re: Firewall and pc anywhere
home pc #1
For $39 you should upgrade to the Pro-version. it will give you more
granular control over icmp, tcp, and udp. This will help until you get some
dedicated bandwidth, then investing in a dedicated firewall.
So, are you using dialup RAS and etrn with your exch ims?
cheers.byron
-Original
this info is online at www.netscreen.com. refer to the users guide and
concepts and examples guide. i think there is also a quick setup guide
available.
cheers-byron
-Original Message-
From: Warren van Eyssen [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 01, 2002 10:56 PM
Hi guys, fyi pop3 is port 110, not 25, smtp.
As i think has been alluded to, block everything, then open up ports as you
need based on what services you require. There are valid reasons for
allowing icmp and other inbound in subject to some shaping, but then there
are great reasons to block it.
have your client click on try this:
http://www.sdesign.com/securitytest/index.html
-Original Message-
From: Ravi Kumar [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 06, 2001 9:39 PM
To: [EMAIL PROTECTED]
Subject: How to find out about Open ports on firewall
Hi,
Is there any way