I presume you have the two ports in passive/IDS mode. In that case it is 0%. However, it is always possible for someone to accidentally change the policy from passive to inline. If this occurs, the G would attempt to forward packets around your firewall.
That being said, it is often not a problem in practice as you would typically use taps or a read-only SPAN port to get the packets from the network. So, even if the G did begin to forward packets from an accidental policy change, they would have nowhere to go. Is there something unique about your environment that makes your situation more complicated?

-----Original Message-----
From: [EMAIL PROTECTED] On Behalf Of Mohannad S. No'man
Sent: Sunday, July 24, 2005 12:46 PM
To: [EMAIL PROTECTED]
Subject: [ISSForum] Probability of Bypassing Proventia G400/2000

What is the probability for Proventia G400/2000 to be bypassed if one port was connected to a segment located after the firewall, and another port was connected to a segment located before the same firewall? If the probability for that is 0%, do you have any official document that can prove that?

Regards,
Mohannad

_______________________________________________
ISSForum mailing list
[email protected]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to [EMAIL PROTECTED]
The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
