Greetings!
Achim Dreyer wrote:
>
> I have a customer who wants to change from Checkpoint FW-1 to a
> Watchguard Firebox based firewall. As the logic behind this firewall
> (rules based on services and an incoming/outgoing definition on device
> level) is completely different from the rule base definitions of FW-1
> (and almost all firewall implementations I'm used to) I need something
> like an introduction to it.

Watchguard - like a number of appliances (e.g. SonicWall) - does
automatic rule sorting. The sorting rules are described somewhere
in the manual. Unfortunately the Watchguard (IIRC) never tells what
the current priority of the rules is (different e.g. to SonicWall).
Additionally the rule display is quite ... hm ... with coloured
icons. Read: you don't get any usable overview. Of course this
does not exactly enhance troubleshooting.

Basically: do NOT try to directly "translate" the FW-1 ruleset.
Better get the business needs from your documentation (or: deduce
from the FW-1 ruleset) and construct a new ruleset - if possible
with only a last, single Any-Any-Any-Drop rule (and no other drops).

If you think "proxy" style (as opposed to FW-1's "packet filter"
style), construction of the ruleset will be easier.

Bye
Volker
--
Volker Tanger <[EMAIL PROTECTED]>
Wrangelstr. 100, 10997 Berlin, Germany
DiSCON GmbH - Internet Solutions
http://www.discon.de/