> From the firewall point of view, we can simply enable > or disable BEEP.
But you don't "enable or disable BEEP". You enable or disable syslog; syslog happens to use BEEP for its messaging protocol. Ditto anything else that uses BEEP; you're still enabling the individual protocol. > When a crypting tuning profile is used, the firewall > can not even look at the application layer into the exchange of BEEP > packages. So effectively BEEP will open up a hole in the firewall (as > does SOAP for HTTP). HTTP opens a security hole in a firewall, even with a proxy server. I have successfully run IP tunnels over HTTP through a proxy using off-the-shelf software. This is a red herring, IMO. -- Harald Koch <[EMAIL PROTECTED]>