There are two things you can do here:

1:  Implement a Hide-mode NAT for outbound FTP/Telnet traffic, where you
hide the whole internal network behind another address - then just publish
that address in DNS

2:  Use the built-in FTP and Telnet security servers and have your users
use Firewall-1 as their FTP/Telnet proxy.

Hope this helps.

Jason

At 07:11 PM 7/3/00 -0400, Becker, Jim wrote:
>
>I have an increasing number of users who want matching forward and reverse
>DNS records because they're using ftp and telnet to external sites that
>require it. This is a minor administrative hassle (DHCP reservations where
>I'd ordinarily have them dip into the pool), but from a security standpoint
>I'd rather minimize the amount of info about internal systems I advertise
>via DNS. These users generally have defensible business needs for the
>access.
>
>What can Firewall-1 do for me to spare me the administrative hassle or to
>minimize the amount of internal info I'd need to list in DNS? For example,
>can FW-1 help me implement some sort of ftp proxy server, where the proxy
>has matching DNS forward/reverse entries?
>
>--
>Jim Becker
>The Urban Institute (http://www.urban.org/)
>DECUS ESILUG (http://eisner.decus.org/lugs/esilug/) 
>
>
>================================================================================
>     To unsubscribe from this mailing list, please see the instructions at
>               http://www.checkpoint.com/services/mailing.html
>================================================================================
>
>
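
Added example, not part of the original thread: the matching forward/reverse DNS check that the external sites are described as requiring, run over constructed records, to show that with option 1 a single PTR/A pair for the hide address covers every internal client. All addresses (documentation ranges) and host names are constructed assumptions.

```python
import ipaddress

# Constructed sample data: documentation address ranges, hypothetical names.
INTERNAL_NET = ipaddress.ip_network("198.51.100.0/24")  # internal clients
HIDE_ADDR = "192.0.2.10"                                # hide-mode NAT address
PTR = {"192.0.2.10": "gw.example.org"}                  # published reverse records
A = {"gw.example.org": ["192.0.2.10"]}                  # published forward records


def source_seen(client_ip, hide_mode):
    """Source address the external server sees for an outbound connection."""
    if hide_mode and ipaddress.ip_address(client_ip) in INTERNAL_NET:
        return HIDE_ADDR
    return client_ip


def fcrdns_ok(ip, ptr=PTR, a=A):
    """Matching check: PTR(ip) must exist and its A records must include ip."""
    name = ptr.get(ip)
    return name is not None and ip in a.get(name, [])


def audit(clients, hide_mode):
    """Return (clients the remote check would refuse, host names exposed)."""
    refused, exposed = [], set()
    for c in clients:
        src = source_seen(c, hide_mode)
        if fcrdns_ok(src):
            exposed.add(PTR[src])
        else:
            refused.append(c)
    return refused, exposed


if __name__ == "__main__":
    clients = ["198.51.100.21", "198.51.100.57", "198.51.100.200"]
    for mode in (False, True):
        print("hide_mode =", mode, audit(clients, mode))
```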

