Greetings!
"Piedade, Rick" wrote:
> On the checkpoint firewall, we are doing a new install.
> We were using raptor and now this is the 1st setup to replace them.
Okay, common pitfalls and useful hints:
- Raptor does harden the OS during install, but Checkpoint does not.
You will have to do the necessary bastioning manually.
- If you have a large ruleset you can transform at least your
network entities with a small tool (Raptor2Ckp and others, see
http://www.wyae.de/software/ ) to be included manually into objects.C
- For the sake of better understanding always think (simplified):
Raptor == Proxy and Checkpoint == Router-ACLs
- With respect to the ruleset Raptor does "best fit only",
whereas Checkpoint does "first match".
- Do not forget the implicit rules (View / ImpliedRules) as set in
Policy / Properties.
- NAT and routing: Checkpoint does "Routing before NAT"
- Make sure you have the Any --> Any : Drop (log)
cleanup-rule installed as the last one in the FW-1 rulebase.
> We can telnet to the firewall from the outside.
> The firewall doesn't even have anything in its logs saying we tried.
See above: I guess "Implied Rules" and no hardening - and maybe a
missing cleanup rule.
Bye
Volker
--
Volker Tanger <[EMAIL PROTECTED]>
Wrangelstr. 100, 10997 Berlin, Germany
DiSCON GmbH - Internet Solutions
http://www.discon.de/
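Two of Volker's points above (first match instead of best fit, and the silent implicit drop that the explicit cleanup rule replaces) are easy to see in a small model. The following is an added illustration, not Check Point code or anything from the original mail: a toy first-match rulebase evaluator plus a check for rules that are shadowed by an earlier, broader rule. Rule names, the documentation addresses (192.0.2.1 standing in for the firewall, 10.0.0.0/8 for the inside) and the port numbers are constructed for the example; it models rule evaluation and logging only, not the implied rules or OS hardening the mail also mentions.

```python
# Added illustration (not Check Point software): a toy first-match rulebase
# evaluator that shows why rule order and the final cleanup rule matter.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    name: str
    src: str       # CIDR such as "10.0.0.0/8", or "Any"
    dst: str       # CIDR, or "Any"
    service: str   # TCP port as a string, e.g. "23" for telnet, or "Any"
    action: str    # "accept" or "drop"
    log: bool = False


def _field_matches(rule_value, packet_value, is_address):
    """True if one rule field (src/dst/service) matches the packet's value."""
    if rule_value == "Any":
        return True
    if is_address:
        return ip_address(packet_value) in ip_network(rule_value)
    return rule_value == packet_value


def evaluate(rules, src, dst, service):
    """First match wins, top to bottom (Check Point style, not Raptor's best fit).

    Returns (action, logged, rule_name). A packet that matches no rule is
    dropped by the implicit default, which produces NO log entry; that silent
    gap is what the explicit Any -> Any : Drop (log) cleanup rule closes.
    """
    for rule in rules:
        if (_field_matches(rule.src, src, True)
                and _field_matches(rule.dst, dst, True)
                and _field_matches(rule.service, service, False)):
            return rule.action, rule.log, rule.name
    return "drop", False, None


def _covers(broad, narrow, is_address):
    """True if the field value `broad` matches everything `narrow` matches."""
    if broad == "Any":
        return True
    if narrow == "Any":
        return False
    if is_address:
        return ip_network(narrow).subnet_of(ip_network(broad))
    return broad == narrow


def shadowed_rules(rules):
    """Names of rules that can never fire because an earlier rule covers them.

    Under first-match semantics such a rule is dead; under best-fit semantics
    it would still have won, which is the trap when converting a Raptor ruleset.
    """
    dead = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (_covers(earlier.src, later.src, True)
                    and _covers(earlier.dst, later.dst, True)
                    and _covers(earlier.service, later.service, False)):
                dead.append(later.name)
                break
    return dead


# Constructed sample rulebase; documentation ranges, not real hosts:
# 192.0.2.1 plays the firewall, 192.0.2.10 a web server, 10.0.0.0/8 the inside.
BASE = [
    Rule("inside-out", "10.0.0.0/8", "Any", "Any", "accept", log=True),
    Rule("web-in", "Any", "192.0.2.10/32", "80", "accept", log=True),
]
CLEANUP = Rule("cleanup", "Any", "Any", "Any", "drop", log=True)


def without_cleanup():
    return list(BASE)


def with_cleanup():
    return list(BASE) + [CLEANUP]


def misordered():
    """A narrow drop placed BELOW a broad accept: fine under best fit, dead under first match."""
    return [
        Rule("broad-accept", "Any", "192.0.2.10/32", "Any", "accept", log=True),
        Rule("no-telnet-to-web", "Any", "192.0.2.10/32", "23", "drop", log=True),
        CLEANUP,
    ]


if __name__ == "__main__":
    outside, fw = "203.0.113.5", "192.0.2.1"
    print("no cleanup  :", evaluate(without_cleanup(), outside, fw, "23"))  # dropped, but silently
    print("with cleanup:", evaluate(with_cleanup(), outside, fw, "23"))     # dropped and logged
    print("shadowed    :", shadowed_rules(misordered()))                    # ['no-telnet-to-web']
```

The first two calls reproduce the complaint in the mail: a telnet attempt from outside that matches no rule is dropped without any log entry, and only the explicit cleanup rule makes it visible. `shadowed_rules` is the check to run over a converted ruleset before installing it, since a rule that Raptor would have chosen as the best fit may sit below a broader rule and never fire under first match.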