Date: Sat, 7 Oct 2000 13:33:04 -0400
From: Brian Reichert <reichert@numachi.com>
To: Craig Cowen <craig@allmaui.com>
Cc: "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG>
Subject: Re: Check Point FW-1
Message-ID: <20001007133304.B54883@numachi.com>
In-Reply-To: <39DEBB51.E51BACFB@allmaui.com>; from craig@allmaui.com on Fri, Oct 06, 2000 at 10:57:37PM -0700
References: <39DEBB51.E51BACFB@allmaui.com>

On Fri, Oct 06, 2000 at 10:57:37PM -0700, Craig Cowen wrote:
> The big cheeses at work want to use check point instead of ipf or any
> other open source solution.
> Can anybody help me with vulnerabilities to this so that I can change
> their minds?

I found that Checkpoint 4.0 (this may have changed) doesn't do NAT
right; it uses NAT across _all_ interfaces, instead of letting you
pick one. This means if you have two internal nets that are connected
to the firewall box, the traffic between them seems as if it's coming
from the public interface. This can confuse ACLs...

(I suppose you can Do the Right Thing, but their silly GUI tool imposes
a ton of work on you to accomplish it...)

> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
Brian 'you Bastard' Reichert <reichert@numachi.com>
37 Crystal Ave. #303            Daytime number: (603) 434-6842
Derry NH 03038-1713 USA         Intel architecture: the left-hand path