Samuel,
Well fw1 does have the ability to inspect inbound and
outbound. You do this by setting the "Apply Gateway Rules
to Interface Direction" to 'Eitherbound'.
As for increased performance - nope. You basically double
the performance _hit_.
See http://www.phoneboy.com/fw1/faq/0102.html for more
info. You can search www.securepoint.com for comments
on the good and evils of doing the above.
Robert
- -
Robert P. MacDonald, Network Engineer
Team Lead, e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> "Samuel Kindrol" <[EMAIL PROTECTED]> 11/14/00 4:44:28 PM >>>
>Pardon me if my question is stupid or irrational..
>
>In Checkpoint FW-1 there is only one rulebase against which both incoming and
>outgoing traffic is
>matched. Instead of this if there were two different rulebases (sets of rules) for
>incoming and outgoing
>wouldn't it give better performance?
>
>Why is this not there? Or is this the way the policy/rulebase works after compilation?
>
>I think this feature is there in IPChains !!!
>
>Thanks
>Sam
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
