On Sun, 9 Jan 2000, Chris Hurley wrote:
> Hello,
>
> I am trying to find out if there is a way to open all ports on a Wingate proxy
> server. I am trying to limit the number of changes that I have to make when
> I add a new service as well as restrict incoming traffic.
Perhaps you should question why you even have a firewall if your security
policy dictates that opening up everything is ok. A couple of filtering
rules on a router would support such a policy without the added latency
and security concerns of a host-based firewall. As a bonus, it'd be
pretty obvious how low a level of security there was, as opposed to
fielding a firewall and having people believe they're getting significant
benefit from it while turning it into a sieve.

4 to 5 lines of Cisco access list (even inbound interface ones
which are process switched) probably wouldn't add over a millisecond of
latency to your traffic. Surely even the best of alternative solutions
have to be good for at least 3x that. Not to mention the fact that a
router's packet buffering code is much better optimized than that of
almost any host-based solution. Low-end routers (even Ciscos) are
typically cheaper than PCs too, so you could save yourself a PC purchase
by moving the "proxy" to a more apt purpose and pick up a cheap router
like a 1600.

FWIW, the Wingate documentation is online at:
http://web.oxi.net/wingate/helpdesk.htm
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280