Christopher Dinsmore wrote:
> Enabling IP forwarding is essential to insure proper operation of most
> firewalls with Windows NT
Once again: depends of your firewall product. Application proxies (Gauntlet,
Raptor, even MSProxy) don't need, they force you to disable.
Only packet filtering firewalls (even those holy stateful inspecting ones
... :-)) need ip-forwarding, because it's their job and method to work as
routers...
And for FW-1, Checkpoint /recommends/ enabling FW1's proprietary forwarding
control during setup.
IMHO no professional firewall should rely on OS's forwarding mechanism
without some kind of additional, hardened control or some kind of
proprietary forwarding.
Jean Morrissette wrote:
> So to use packet filtering on ANY FWs we have to use the NT OS
> routing, would this be one of the drawback of NT based FW or is it an
issue
> also with Unix based FWs.
It's the same with every packet-filtering fw, independent of OS.
Enno
[EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
