David,
I.
1. You assume I need to create an object called "Protected
Networks" - You are wrong.
2. Renaming the default object (done years ago) to
"Protected Networks" is not the issue.
3. Portions of 4.0.3 want to use "Protected Network", which
DOES NOT exist, and those "portions" cannot be edited to correct the
problem - This is the actual issue.
Solution: By allowing those portions to be edited, it would help to
eliminate the problem.
I have seen similar issues in previous releases.
II.
1. Your assumption about being unable to rename "Protected
Network" is wrong.
2. In older versions you could rename "Protected Network"
(and virtually all other objects) without issue.
3. I did exactly that about 3 years ago, and I just now
tried in 3.4.0, and it accepted the change, and never complained in the
"Verify" section!
III.
1. Your argument implies that GTA may have this issue
across many releases.
2. Since "Protected Network" is blank when you start with a
fresh config, I doubt linking is (or has ever been) an issue - again,
especially since it has ALWAYS worked with our configs.
3. If you were correct on this point, then our configs
would NEVER have worked, and GB allowing such a change could indicate a
flaw exists.
4. I believe allowing such changes was intended by GTA all
along.
IV.
1. It is not as simple as creating a new object - like you
proposed.
2. Since this would create redundancy, it could potentially
impact performance, open new unforeseen threats, and make long-term
management that much more complex.
3. Additionally, I cannot rename it "Protected Network",
because I would have to change every single filter, tunnel, etc., to
match that change. This is an unreasonable burden to place on the
customer.
V.
1. You said "The change was made to prevent these objects
from being renamed to keep this from happening." How do you come to that
conclusion?
In closing, your email would have read much better if you had left out
the first (unnecessary) sentence.
Danny
-----Original Message-----
From: David Raistrick [mailto:[EMAIL PROTECTED]
Sent: Friday, December 01, 2006 1:29 PM
To: Cox, Danny H.
Cc: [email protected]
Subject: RE: [gb-users] GTA has released GB-OS 4.0 patch level 3 (ver.
4.0.3) and GB-OS 3.7 patch level 3 (ver. 3.7.3).
> When importing from a previous configuration, the VPN and possibly
> other modules do not function properly if default objects (like
> "Protected Network") were changed (like to "Protected Networks"). I
> also noticed the admin cannot manually edit the "hard coded" entries
> to correct for the previously renamed objects.
Stupid question:
Can you just create new objects called "Protected Networks" etc that
contains the default object "Protected Network" ? This would let your
filters, etc, work without having to redesign how the default objects
work or reconfigure all of the filters etc. You'd only have to create 3
or so new objects per firewall.
Right?
If I had to make a guess, I'd suspect that the old default objects such
as "Protected Network" were not designed to have their name
changed...changing the name would likely break their "default" nature
(i.e., adding an alias network to the Protected interface would no longer
automatically populate your "Protected Networks" object). The change was
made to prevent these objects from being renamed to keep this from
happening.
Just a guess.
--
David Raistrick
http://www.netmeister.org/news/learn2quote.html
[EMAIL PROTECTED] http://www.expita.com/nomime.html
------------------------------------------------------
Archive: http://archives.gnatbox.com/gb-users/