Joe Matusiewicz wrote:
> 
> It was a misconfiguration, but who is at fault depends on your point of
> view.  By default,  Firewall-1 will allow DNS, RIP, and ICMP services to
> pass unhindered and unlogged in both directions under its security policy
> (Rule 0).  Some folks reject the defaults. 

Agreed. This has been a known problem since v2.x (long before the
Diligence report) and it still exists in v4, which is the current
shipping version (although you can view the effect of the default
Properties settings by selecting View-->Pseudo-Rules).

For full details on this problem, as well as how to fix it, check out:
http://www.geek-speak.net/fw1/fw1_properties.html

Cheers,
Chris
-- 
**************************************
[EMAIL PROTECTED]

* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
