Greetings!
Rick Brown wrote:
> So if I set up my ISP's nameservers as forwarders on
> my internal DNS server, what traffic do I need to
> allow through my Checkpoint firewall? What can I do
> to make it as secure as possible?
DNS-UDP (udp/53) out only. The answer should get back because of the
stateful inspection(tm) if the firewall is set up accordingly. Depending
on request you may need TCP out too - if there are long DNS names to be
expected (rarely the case) - or if you want to do DNS debugging.
Bye
Volker
--
Volker Tanger <[EMAIL PROTECTED]>
Wrangelstr. 100, 10997 Berlin, Germany
DiSCON GmbH - Internet Solutions
http://www.discon.de/
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
