Rick Murphy wrote:
>Gauntlet bug, so we eventually gave up and added the option. We had similar problems
>with Checkpoint requiring all of the "PORT" command - including the line terminator -
>be in one TCP packet.
Yeah, I remember that "feature" of the checkpoint. When
I saw that, I realized immediately that "stateful multi-level
packet inspection" doesn't mean anything like TCP reassembly
and/or state tracking. Which means that checkpoint was/is
basically not doing a whole lot...
> -Rick (glad I'm not doing firewalls any longer)
I'm also a charter member of the "glad I'm not doing firewalls
any longer" club. :)
mjr.
-----
Marcus J. Ranum
Chief Technology Officer, Network Flight Recorder, Inc.
Work: http://www.nfr.net
Personal: http://www.ranum.com
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
