Paul Robertson wrote: > > [on not disabling sequence number randomization] > Hmmm, I suppose that you've not had to do "dual in-line" boxes with > asymetric routing at Web farms then?
I don't really understand what you mean here, but if it involves packets only passing through the firewall in ONE direction, our state engine would hate it anyhow, randomization or no randomization. At this point, one would have to resort to stateless packet forwarding rules. > > Besides, you're supposed to be toting proxies here, remember? > > You don't get to speak about performance in this thread :) > > Hehehe, you've given up enough points Okay then damnit :) <marketroid warning> Ubj qbrf shyy-qhcyrk tvtnovg guebhtuchg teno ln? </marketroid warning> > that I get to pick at the "automatic filter wins" too! ;) I didn't get that one, I'm afraid :/ -- Mikael Olsson, Clavister AB Storgatan 12, Box 393, SE-891 28 �RNSK�LDSVIK, Sweden Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05 Fax: +46 (0)660 122 50 WWW: http://www.clavister.com Ynlre 8 frphevgl fbyhgvbaf: uggc://yneg.onqs00q.bet _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
