I've got a better idea....get rid of the Checkpoint firewall and let the PIX
handle everything. :-) Seriously, the PIX is a lot beefier machine. I
would reconsider your decision to let the Checkpoint handle the brunt of the
traffic. The PIX can handle far more traffic than the Checkpoint, assuming
you have a fairly new PIX and your checkpoint FW isn't a dual 1.5 GHz
Pentium III with a gig of RAM.
Then again, I may be wrong and your mileage may vary. I guess that I can't
really give you a definite answer without knowing more about your specific
goals and network topology.
> Hi Group,
> I know that this is going to be very broad but just bare with me on
this one. We are switching over our firewall router from a bay to a cisco.
The cisco one that I am going to work on is already pre-configured except
for access-lists and filters. What they basically told me is that the
checkpoint device behind it will take care of all of the intense blocking
and forwarding, but on this FW-router we just want to block the basic things
that are usually not allowed through.
> Here's what I was hoping for. Just a basic list of things that are
normally blocked on the router above the FW. For example, I know that I'm
gonna set an inbound access-list denying telnet so that the checkpoint
doesn't even have to worry about that. I am just looking for a list of
services/ports/etc., that as a rule of thumb to you FW guru's, are usually
denied. I know this is broad and I'll understand if I don't get much
feedback. Gotta also find that whitepaper on FW's. Concidering this will be
my first time coming anywhere near a FW (FW Virgin) I'm a little nervous and
hope you guys can help out. Thanks all, =o)
>
> Mark Z...
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_______________________________________________________
Send a cool gift with your E-Card
http://www.bluemountain.com/giftcenter/
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
