Richard, In my opinion it's not the way "how easy it is" to configure a rulebase. I don't care how easy as long as it's good, functional and more of all secure.
I think firewall administration is not for anyone that knows how to make a rule in CP FW-1. You need to know more to setup a right rulebase. You need to know more about what service you are going to allow and what the implications are on the firewalls / server. Firewall administration doesn't need to be made easy because a firewall will not tell you that you made a wrong rule that opens up your whole network. Firewall administration needs to be made thorough and secure. A good viewable GUI is an advantage but if the firewall itself lacks security that doesn't make it more secure. Administrating a firewalls ruleset in a plain text file maybe a pain in the ass if the rulebase is big but then you will learn administrating firewalls the hardway (in my opinion). Its still possible to openup the rulebase more then it need though! Just my thoughts.. Regards, Brenno > -----Original Message----- > From: Richard Saddington [SMTP:[EMAIL PROTECTED]] > Sent: dinsdag 4 december 2001 13:59 > To: [EMAIL PROTECTED] > Subject: How easy is it to configure a rulebase. > > Hi All, > > I am an undergrad student researching firewall technologies, specifically > > how rulebases are configured to filter packets. > > What I would like to know is problems people have had configuring rule > tables, e.g. getting the rules in the right order, difficulties > implementing > the security policy/changes in security policy etc. > > The two products I have been looking at are CP's Firewall-1 and the > Netscreen-100. Any info on rulebases on these firewalls would be most > useful. > > Cheers > Richard > > > > _________________________________________________________________ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
