If the both ports are a pair (G400 contains 4 pairs), then if a failure occurs in the appliance the G400 does a bypass (short circuit). This will by pass the firewall. You have to make sure that you connect the inner segment on a different port pair than the outer segment.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Palmer, Paul (ISSAtlanta) Sent: Tuesday, July 26, 2005 12:32 AM To: Mohannad S. No'man; [EMAIL PROTECTED] Subject: Re: [ISSForum] Probability of Bybassing Proventia G400/2000 I presume you have the two ports in passive/IDS mode. In that case it is 0%. However, it is always possible for someone to accidentally change the policy from passive to inline. If this occurs, the G would attempt to forward packets around your firewall. That being said, it is often not a problem in practice as you would typically use taps or a read-only SPAN port to get the packets from the network. So, even if the G did begin to forward packets from an accidental policy change, they would have nowhere to go. Is there something unique about your environment that makes your situation more complicated? -----Original Message----- From: [EMAIL PROTECTED] On Behalf Of Mohannad S. No'man Sent: Sunday, July 24, 2005 12:46 PM To: [EMAIL PROTECTED] Subject: [ISSForum] Probability of Bybassing Proventia G400/2000 What is the probability for Proventia G400/2000 to be bypassed if one port was connected to a segment located after the firewall, and another port was connected to a segment located before the same firewall? If the probability for that is 0%, do you have any official document that can prove that? Regards, Mohannad _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328. _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328. _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
