I am guessing that the ACL option on the Nokia is
strictly for people who can't seem to get it out of
their heads that stateful inspection makes more sense
than ACLs. For the truly paranoid the Nokia also has
route filters.

--- Carric Dooley <[EMAIL PROTECTED]> wrote:
> 
> Hmmm... no.  If you check the box in Voyager to let FW-1 handle the routing
> you shouldn't need additional ACLs on the Nokia assuming you are not doing
> any additional routing with it.  Even then, you should be able to define how
> you want the routing accessed via the policy since the Inspect engine shims
> in below layer 3.
> 
> Carric Dooley
> Network Security Consultant
> 
> "I have often regretted my speech, never my silence."
> - Xenocrates (396-314 B.C.)
> 
> 
> 
> ----- Original Message -----
> From: "D H" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, June 08, 2000 8:07 PM
> Subject: [FW1] ACLs on Nokia
> 
> 
> >
> > Is it necessary to run Nokia ACLs even if FW-1 is running? If so, should
> > the ACLs be similar to the rules set up with the FW-1 security policy, or is
> > it useful in some other way?
> >
> > Just wondering what I should do with that option...
> >
> > -- DH
> >
> >
> > -----Original Message-----
> > From: hermit1 [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, June 08, 2000 4:30 PM
> > To: Mayne, Peter; [EMAIL PROTECTED]
> > Subject: Re: [FW1] High Availability: HA Module on NT vs Nokia
> >
> >
> >
> > The Nokia is not really a black box.  First you need to treat it as a
> > router - define VRRP, interfaces, routes or routing protocol,  ACLs if any,
> > etc.  If you aren't familiar with routing you will have trouble with
> > this.  Then you work with FW-1 on top of that.  Make a couple of allowances
> > in the FW rules for the VRRP setup.  It is probably worth it for an NT shop
> > to pay for the initial install.
> >
> > hermit1
> >
> >
> > At 06:36 AM 6/9/00 +0800, Mayne, Peter wrote:
> >
> > >Assume I want to install a highly available firewall. The two options under
> > >consideration are a pair of Nokia systems using VRRP, and a pair of Windows
> > >NT systems with the CheckPoint HA module. A Solaris or other UNIX solution
> > >isn't being considered because an NT shop doesn't want to learn how to
> > >manage a Solaris system, whereas a Nokia can presumably be treated like a
> > >black box.
> > >
> > >Cost aside (since the Nokia solution seems to be cheaper), what are the pros
> > >and cons of one vs the other? Under what circumstances (if any) would I
> > >prefer a particular Nokia or NT solution?
> > >
> > >
> > >PJDM
> > >----
> > >Peter Mayne, Compaq Computer Australia, Canberra, ACT




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
