Jor wrote:
[snip!]
> > Some telnet, ftp
>
> DON'T - repeat: DO NOT allow telnet through the FW - Get your
> users to use ssh (www.f-secure.com)!
> Otherwise, no problem if the FTP proxy runs on its
> own machine in the DMZ.
I take it you mean no telnet *in* through the firewall. Out is generally
OK (with the usual proviso that the data is unencrypted).
Also, you need to make sure (if it is incoming) that you get the version
of sshd *without* the security holes.
I generally enable both ssh and telnet (OUTGOING) and disable both
incoming.
I also generally allow transparent FTP out through the firewall.
[snip!]
> There is a URL on checkpoint webpage that should give you
> an idea:
> http://www.checkpoint.com/products/firewall-1/pbrief.html
>
> Note that fw-1 scales pretty well - and that running
> security servers (also called proxies) on the FW1 itself
> will reduce throughput from 5% up to 50%, depending
> on the situation, setup, data, etc...
*DON'T* run proxies on your firewall. This is a bad thing (TM).
You reduce the security of your firewall to the security of the proxy
apps...
I don't even like running the management daemon on the firewall.
> For your setup, I think a Sun Ultra1 or Ultra2 should be enough,
> if you don't put proxy services on the fw itself.
My 0.02 worth, I'd recommend only using the Sun-based options, since the
integration with the kernel is better...
> --
> Juergen P. Meier email: [EMAIL PROTECTED]
> Class GmbH Firmengruppe phone: +49 172 8379103
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
Gav