Hello Eric,
At 03:51 PM 4/19/2006, you wrote:
Hi,
I have a few GBOS4 questions:
1. Will the VLAN support (assuming this means .1q support) have to be
licensed like physical interfaces?
No, it is not licensed similar to regular interfaces. However, the
number of configurable VLANs is product specific.
2. Are there any enhancements to H2A such as:
a.) stateful failover
b.) automatic master\slave policy synchronization?
Currently no, however, this is something we are looking at.
3.) Has a feature of limiting only one administrator to modify
the policy at the same time been implemented?
Currently not in this version. I will check to make sure this
request is logged properly for development review.
4.) Is there any protection against applying only
half a policy if the HTTP post of config was interrupted?
i.e. client browser crash, BSOD, reboot
In most cases the firewall should protect against applying half a
policy. Any case where we find this occurs we attempt to correct.
David, could you expand on the concepts of:
--Group support for security policies
In previous versions we did not have group support. Authentication
was all or nothing.
Simple Example -
Following Groups are created -
Group A (Shipping) has web browsing permissions to FED EX, UPS, DHL etc....
Group B has all access
Authentication is required on all outbound connections
A policy is created that allows Group B to only the shipping-related
sites. This policy of course requires authentication and references Group A.
A second policy is created for Group B for all access with
Authentication referencing Group B.
Before a user can go outbound they have to authenticate with the
firewall. The filter (Policy) matched is based on source IP,
destination IP, ports, protocols, and the Authentication Group.
The groups can be used in
Content filtering
Tunnels
VPN - Set the user's VPN methods and networks connecting to
Policies (Filters)
--Object Encapsulation
This is a little bit of an expansion on our current objects. We
added Service Group Objects and Encryption Objects.
Service group objects allow one to create services such as http, ftp etc...
When making a tunnel or policy you can reference these pre-defined
objects. Where before a host had multiple tunnels for www, ftp, ssh
you can make one definition for these instead of 3 or more.
Encryption objects are slightly different. We are attempting to make
VPN configuration easier for users adding the flexibility of
designing the encryption, hash methods in objects and not forcing the
users to create a VPN object configuring the methods at that
level. Slightly more complex to add flexibility.
We have updated the Address Objects to new types. These types allow
one to control where the objects are displayed. For example - Mail
Sentinel Objects only display in the Mail Sentinel Email Proxy, Surf
Sentinel in content filtering, Security in Policies, and ALL everywhere.
And you can still place objects in objects and groups in groups.
David
------------------------------------------------------
Archive: http://archives.gnatbox.com/gb-users/