Vincent,
#I am surveying firewall products and feel confused about some concepts;
#I hope you guys can give me some hints about that. Thanks.
#A customer had an RFP (Request for Proposal) listing some specs for a
#firewall. I have listed some points I am not so sure about.
#1) In setting up a packet filtering rule, the user can define whether he
#wants to accept, deny or drop it. What is the difference between
#DENY and DROP? One salesperson from IBM asked me, "Did DROP packet mean
#firewall just don't log it?"
#I know FireWall-1 can do it, but other firewalls seemingly cannot. Do you
#have any other idea which firewall can DROP packets (Sidewinder,
#Raptor or Gauntlet)?
#2) The user needs telnet, ftp, http transparent authentication in user
#and session mode. FireWall-1 can do it, but do I have other choices?
#Can Sidewinder or Raptor or Gauntlet meet this?
#3) Can a firewall auto-detect "mail relay" behavior?
#I think FireWall-1 cannot meet this...
1) To further expound on what Tom said:
Using Drop instead of Deny is nice because that makes it harder for someone
to scan your firewall for open ports. No firewall should send a reset when
a packet is denied. All packets, whether they are Dropped or Denied, should
be logged or at least you should have the capability to log them if you
wish.
2) Sidewinder can authenticate telnet, http, and ftp through a password,
SecurID, Safeword, or SecureNet. Raptor and Gauntlet can probably do the
same but you can always check out their websites (www.nai.com or
www.axent.com).
3) If the firewall has the ability to relay mail (not just proxy it to one
mail server) then it better have the ability to not be used as a mail relay
for spammers. If your firewall runs Sendmail (like Sidewinder) then you
can just implement anti-relay rules. If your firewall just proxies mail to
a mail server then you want to implement anti-relay rules (or the
equivalent) on the mail server. I believe that the better mail proxies can
be configured to only proxy mail that is from or to a list of allowed
domains.
Regards,
Jeffery Gieser
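
The anti-relay rule described in point 3, sketched as an added example that is not part of the original message and is not any product's own code. The domain list, network range and function names are assumptions made for illustration; the check on the client's network goes beyond the text, because an envelope sender domain by itself can be forged.

```python
import ipaddress

# Constructed sample policy (assumed values, not from the original post):
# domains this site receives mail for, and networks allowed to send outbound.
LOCAL_DOMAINS = {"example.com", "mail.example.com"}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def domain_of(address):
    """Return the lower-cased domain of an envelope address, or None if unusable."""
    addr = address.strip().strip("<>")
    # Source-routed forms (user%other.org@example.com, bang paths, @a:user@b)
    # ask this host to forward on the sender's behalf, so they are refused.
    if "%" in addr or "!" in addr or addr.startswith("@"):
        return None
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower().rstrip(".")


def relay_decision(client_ip, mail_from, rcpt_to):
    """Decide whether one MAIL FROM / RCPT TO pair may pass the mail proxy."""
    rcpt_domain = domain_of(rcpt_to)
    if rcpt_domain is None:
        return "reject: malformed or source-routed recipient"
    # Mail *to* an allowed domain is ordinary inbound delivery.
    if rcpt_domain in LOCAL_DOMAINS:
        return "accept: inbound to local domain"
    # Mail *from* an allowed domain is relayed outward only when the
    # connecting client is also on a trusted network.
    ip = ipaddress.ip_address(client_ip)
    on_trusted_net = any(ip in net for net in TRUSTED_NETS)
    if on_trusted_net and domain_of(mail_from) in LOCAL_DOMAINS:
        return "accept: outbound from trusted client"
    return "reject: relaying denied"


if __name__ == "__main__":
    # Constructed sample transactions: (client IP, envelope sender, recipient).
    samples = [
        ("203.0.113.7", "a@spam.test", "bob@example.com"),
        ("192.0.2.10", "alice@example.com", "x@other.org"),
        ("203.0.113.7", "a@example.com", "x@other.org"),
        ("203.0.113.7", "a@spam.test", "x%other.org@example.com"),
    ]
    for ip, sender, rcpt in samples:
        print(ip, sender, rcpt, "->", relay_decision(ip, sender, rcpt))
```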