----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, July 09, 2001 11:38 PM Subject: Firewalls digest, Vol 1 #82 - 9 msgs > Send Firewalls mailing list submissions to > [EMAIL PROTECTED] > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.gnac.net/mailman/listinfo/firewalls > or, via email, send a message with subject or body 'help' to > [EMAIL PROTECTED] > > You can reach the person managing the list at > [EMAIL PROTECTED] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Firewalls digest..." > > > Today's Topics: > > 1. RE: Multi-homed Internet connection ([EMAIL PROTECTED]) > 2. Port 6346 ([EMAIL PROTECTED]) > 3. Re: Ping query (Jose Nazario) > 4. Re: Netscreen 5XP problem.... ([EMAIL PROTECTED]) > 5. (no subject) (Logan Lemming) > 6. Re: Netscreen 5XP problem.... (Jose Nazario) > 7. RE: What is best... (Dan McGinn-Combs) > 8. RE: What is best... (Zachary Uram) > 9. Re: Stonegate Firewall ( what do you think? ) (Axel Eble) > > --__--__-- > > Message: 1 > From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Date: Mon, 9 Jul 2001 11:49:47 -0700 > Subject: RE: Multi-homed Internet connection > > On 8 Jul 2001, at 18:23, Alvin Oga wrote: > > > hi ya > > > > > Something like this: > > > > > > Inside---FW with Nat -----router-----------First Provider > > > to 1st Prov | > > > addr space | > > > Traffic natted > > > to 2nd provider's > > > addr space > > > | > > > +--------------Second Provider > > > > I'd try/prefer the following > > > > +-------------+ > > | | > > | +-----router--- First Provider > > | FW | > > Inside---+ | > > | w/ NAT | > > | +-----router--- Second Provider > > | | > > +-------------+ > > > > if the router or first provider goes down... i can still get > > in and out thru the 2nd provider.. > > > > if i have "autonomous"(?) ip#... both ISPs can route incoming > > and outgoing traffic > > > > thanx > > alvin > > The issue, I think, is that the poster DOESN'T have an autonomous > or portable address. So in this latter arrangement, while he can > play all sorts of router tricks about which provider a given outbound > packet gets sent to ("shouldn't" matter, since both providers peer > with the rest of the Internet), *inbound* traffic only ever comes > over one link, and when that's down, he's dead. > > An alternative that I've used, besides NAT on the second space, was > to put a proxy on the second line that then locally accessed stuff > via the primary addresses. > That, or the NAT approach, will allow outbound-origin connections > via the second line. Where you need either a BGP-able (protable, if > not actually autonomous) address (OR *possibly* some ugly DNS tricks) > is if you want inbound-origin traffic to find your hosts even when > the primary line is down. > > David Gillett > > > > --__--__-- > > Message: 2 > Date: Mon, 09 Jul 2001 12:06:37 -0700 > To: [EMAIL PROTECTED] > From: [EMAIL PROTECTED] > Subject: Port 6346 > > not running Gnutella 0.56 and I have observed several TCP port probes over > the last few days. Is there any way to block these type of scans besides > out and out port and IP blocking ?? > > > --__--__-- > > Message: 3 > Date: Mon, 9 Jul 2001 15:07:52 -0400 (EDT) > From: Jose Nazario <[EMAIL PROTECTED]> > To: Zachary Uram <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Subject: Re: Ping query > > On Mon, 9 Jul 2001, Zachary Uram wrote: > > > how can i tell if someone is fingering me? > > you can have finger log connections, your kernel (or packet filter) log > connections, use tcpd to log connections ... any sort of mechanism. > > > or if they are using netstat or traceroute on me? > > netstat is a local operation. it wont tell you jack about sockets on other > machines unless you're connected to them. presumably you mean port > scanning (where they can see what ports are open on a remote machine, ie > yours). i use scanlogd (http://www.openwall.com/) on Linux and *BSD boxes. > a good NIDS can also pick up port scans, they're pathetically easy to > observe. > > traceroute is pretty easy, too. look for TTL 1 packets, look for signature > UDP packets (UNIX traceroute) or TTL=1 ICMP_ECHO_REQUEST packets (from > Win32 traceroutes). again, a host can log TTl=1 packets, you can listen on > UDP ports that traceroute would normally hit (see also dettecttr from a > back issue of phrack). > > hope this helps, > > ____________________________ > jose nazario [EMAIL PROTECTED] > PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 > PGP key ID 0xFD37F4E5 (pgp.mit.edu) > > > --__--__-- > > Message: 4 > From: [EMAIL PROTECTED] > To: "Henrik Grankvist" <[EMAIL PROTECTED]>, > [EMAIL PROTECTED] > Date: Mon, 9 Jul 2001 12:26:18 -0700 > Subject: Re: Netscreen 5XP problem.... > > The thought of combining "VPN" with "transparent mode" makes my > poor little brain hurt. It wouldn't surprise me if that combination > turned out to be not (yet?) supported.... > > David Gillett > > > On 9 Jul 2001, at 18:05, Henrik Grankvist wrote: > > > Hello! > > > > I'm having some trouble getting a vpn connection to work with NS5XP in > > transparent mode. I know that it only works with manual keys, and therefore > > I have set up a connection using the tutorial from Netscreen. > > > > But I can't get it to work, when I for instance ping the internal server > > (the one that I should protect) it seems like the server can't answer back > > to the Netscreen remote computer. I have discovered this by analysing the > > packets that are in transit behind the NS5XP I get icmp error messages host > > unreachable from the inside.. > > > > The rules that I'm using is as follows: > > > > outbound; Inside any , outside any, permit. > > > > inbound: 1 Dialup-VPN, private server, tunnel. > > 2 Outside any, inside any, deny. > > > > > > Here is the physical configuration: > > > > NS_Remote <-------> NS5XP (in transparent mode) <------> Plain text server > > > > I really hope that someone knows something about this problem and could give > > me som info on the subject...... > > > > Kind regards > > > > Henrik Grankvist > > Student > > [EMAIL PROTECTED] > > > > _______________________________________________ > > Firewalls mailing list > > [EMAIL PROTECTED] > > http://lists.gnac.net/mailman/listinfo/firewalls > > > > > > --__--__-- > > Message: 5 > Date: Mon, 09 Jul 2001 12:34:25 -0700 > From: Logan Lemming <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED], [EMAIL PROTECTED], > [EMAIL PROTECTED] > Subject: (no subject) > > This is a multi-part message in MIME format. > > --Boundary_(ID_UjEab61za2tBs0RlJHNh8g) > Content-type: text/plain; charset=iso-8859-1 > Content-transfer-encoding: 7BIT > > unsubscribe firewalls > > --Boundary_(ID_UjEab61za2tBs0RlJHNh8g) > Content-type: text/html; charset=iso-8859-1 > Content-transfer-encoding: 7BIT > > <html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40"> > > <head> > <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> > > > <meta name=ProgId content=Word.Document> > <meta name=Generator content="Microsoft Word 10"> > <meta name=Originator content="Microsoft Word 10"> > <link rel=File-List href="cid:[EMAIL PROTECTED]"> > <!--[if gte mso 9]><xml> > <o:OfficeDocumentSettings> > <o:DoNotRelyOnCSS/> > </o:OfficeDocumentSettings> > </xml><![endif]--><!--[if gte mso 9]><xml> > <w:WordDocument> > <w:SpellingState>Clean</w:SpellingState> > <w:GrammarState>Clean</w:GrammarState> > <w:DocumentKind>DocumentEmail</w:DocumentKind> > <w:EnvelopeVis/> > <w:Compatibility> > <w:BreakWrappedTables/> > <w:SnapToGridInCell/> > <w:WrapTextWithPunct/> > <w:UseAsianBreakRules/> > <w:UseFELayout/> > </w:Compatibility> > <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel> > </w:WordDocument> > </xml><![endif]--> > <style> > <!-- > /* Font Definitions */ > @font-face > {font-family:Batang; > panose-1:2 3 6 0 0 1 1 1 1 1; > mso-font-alt:\BC14\D0D5; > mso-font-charset:129; > mso-generic-font-family:roman; > mso-font-pitch:variable; > mso-font-signature:-1342176593 1775729915 48 0 524447 0;} > @font-face > {font-family:"\@Batang"; > panose-1:2 3 6 0 0 1 1 1 1 1; > mso-font-charset:129; > mso-generic-font-family:roman; > mso-font-pitch:variable; > mso-font-signature:-1342176593 1775729915 48 0 524447 0;} > /* Style Definitions */ > p.MsoNormal, li.MsoNormal, div.MsoNormal > {mso-style-parent:""; > margin:0in; > margin-bottom:.0001pt; > mso-pagination:widow-orphan; > font-size:12.0pt; > font-family:"Times New Roman"; > mso-fareast-font-family:Batang;} > a:link, span.MsoHyperlink > {color:blue; > text-decoration:underline; > text-underline:single;} > a:visited, span.MsoHyperlinkFollowed > {color:purple; > text-decoration:underline; > text-underline:single;} > span.EmailStyle17 > {mso-style-type:personal-compose; > mso-style-noshow:yes; > mso-ansi-font-size:10.0pt; > mso-bidi-font-size:10.0pt; > font-family:Arial; > mso-ascii-font-family:Arial; > mso-hansi-font-family:Arial; > mso-bidi-font-family:Arial; > color:windowtext;} > span.SpellE > {mso-style-name:""; > mso-spl-e:yes;} > span.GramE > {mso-style-name:""; > mso-gram-e:yes;} > @page Section1 > {size:8.5in 11.0in; > margin:1.0in 1.25in 1.0in 1.25in; > mso-header-margin:.5in; > mso-footer-margin:.5in; > mso-paper-source:0;} > div.Section1 > {page:Section1;} > --> > </style> > <!--[if gte mso 10]> > <style> > /* Style Definitions */ > table.MsoNormalTable > {mso-style-name:"Table Normal"; > mso-tstyle-rowband-size:0; > mso-tstyle-colband-size:0; > mso-style-noshow:yes; > mso-style-parent:""; > mso-padding-alt:0in 5.4pt 0in 5.4pt; > mso-para-margin:0in; > mso-para-margin-bottom:.0001pt; > mso-pagination:widow-orphan; > font-size:10.0pt; > font-family:"Times New Roman";} > </style> > <![endif]--> > </head> > > <body lang=EN-US link=blue vlink=purple style='tab-interval:.5in'> > > <div class=Section1> > > <p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt; > font-family:Arial'>unsubscribe firewalls<o:p></o:p></span></font></p> > > </div> > > </body> > > </html> > > --Boundary_(ID_UjEab61za2tBs0RlJHNh8g)-- > > --__--__-- > > Message: 6 > Date: Mon, 9 Jul 2001 15:50:47 -0400 (EDT) > From: Jose Nazario <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Cc: Henrik Grankvist <[EMAIL PROTECTED]>, > <[EMAIL PROTECTED]> > Subject: Re: Netscreen 5XP problem.... > > On Mon, 9 Jul 2001 [EMAIL PROTECTED] wrote: > > > The thought of combining "VPN" with "transparent mode" makes my poor > > little brain hurt. It wouldn't surprise me if that combination turned > > out to be not (yet?) supported.... > > > On 9 Jul 2001, at 18:05, Henrik Grankvist wrote: > > > > I'm having some trouble getting a vpn connection to work with NS5XP in > > > transparent mode. I know that it only works with manual keys, and therefore > > > I have set up a connection using the tutorial from Netscreen. > > sorry, i'm not familiar with the term 'transparent mode' as it applies to > the Netscreen product, but if it means 'only configured at layer 2, ie a > filtering bridge' then i know i understand you. > > you can't do IPSec VPNs with a layer 2 device, it requires layer 3 (IP) > manipulations (encapsulation, packet header mangling, etc ...), along with > endpoint addressing (for the gateways or participating nodes), none of > which are available (on the WAN) only at layer 2. > > bear in mind i could be talking out my ass, but that's as i understand it > and why i think it can't be done (a layer 2 IPSec device). > > ____________________________ > jose nazario [EMAIL PROTECTED] > PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 > PGP key ID 0xFD37F4E5 (pgp.mit.edu) > > > --__--__-- > > Message: 7 > From: Dan McGinn-Combs <[EMAIL PROTECTED]> > To: 'Matthew Isaacs' <[EMAIL PROTECTED]>, [EMAIL PROTECTED] > Subject: RE: What is best... > Date: Mon, 9 Jul 2001 15:45:21 -0400 > > This message is in MIME format. Since your mail reader does not understand > this format, some or all of this message may not be legible. > > ------_=_NextPart_001_01C108AF.B057D610 > Content-Type: text/plain; > charset="iso-8859-1" > > After long deliberation, we decided to go with Checkpoint on Solaris using > SUN Hardware not necessarily for all the technical reasons. Sure it would > have been a simpler install or a simpler configuration to use Windows. > Certainly, Intel hardware might have been slightly less expensive. But > overall I think using this combination provided me with a couple of > additional pluses over Intel/Windows combination: > > a) The ability to implement a minimal install of Solaris, reducing the > number of potential exploits to a minimum. I'm not at all sure this is > possible on any version of Windows without a great deal of effort. > > b) Fear factor, we support ten or twelve firewalls worldwide for the company > and it helps to have something mostly deemed as "too complicated" for the > mere mortal. Using Windows tends to invite a "hey why can't I look at..." > question from end users. > > c) Standard support, yes, I've been guilty of plugging in a 220volt power > cord while the power config switch was set to 110volts. Ouch... but the Sun > support guys (for a price) had a new powersupply over to me within hours. > > d) Universal buy-in, providing this service to so many remote sites in > different countries required us to use something everyone would accept. Sun, > Solaris and Checkpoint provided that politically correct platform. > > Dan > > -----Original Message----- > From: Matthew Isaacs [mailto:[EMAIL PROTECTED]] > Sent: Monday, July 09, 2001 1:13 PM > To: [EMAIL PROTECTED] > Subject: What is best... > > > With fear of starting a barrage of emails.... Or sounding ignorant but would > like to get feed back from some people with experience in wide range of > scenarios. > > Looking at firewalls, what I'd like to know is what the best scenario is, > Please no personal opinions. > > CP FW -1 4.1 running on Solaris with SUN hardware > CP FW -1 4.1 running on Solaris with Intel hardware > CP FW -1 4.1 running on Windows > Any other fw running on intel > > Currently running CP FW-1 4.1 on solaris with Sun hardware is currently cpu > bound. > > Need to be able to manage Bandwidth as well either from same box or possible > another. > > Sites where there is some data showing tests etc would be good... > > Matthew > > ------_=_NextPart_001_01C108AF.B057D610 > Content-Type: text/html; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > <HTML xmlns=3D"http://www.w3.org/TR/REC-html40" xmlns:o =3D=20 > "urn:schemas-microsoft-com:office:office" xmlns:w =3D=20 > "urn:schemas-microsoft-com:office:word"><HEAD> > <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = > charset=3Diso-8859-1"> > > > <META content=3DWord.Document name=3DProgId> > <META content=3D"MSHTML 5.50.4522.1800" name=3DGENERATOR> > <META content=3D"Microsoft Word 10" name=3DOriginator><LINK=20 > href=3D"cid:[EMAIL PROTECTED]" rel=3DFile-List><!--[if gte = > mso 9]><xml> > <o:OfficeDocumentSettings> > <o:DoNotRelyOnCSS/> > </o:OfficeDocumentSettings> > </xml><![endif]--><!--[if gte mso 9]><xml> > <w:WordDocument> > <w:SpellingState>Clean</w:SpellingState> > <w:GrammarState>Clean</w:GrammarState> > <w:DocumentKind>DocumentEmail</w:DocumentKind> > <w:EnvelopeVis/> > <w:Compatibility> > <w:BreakWrappedTables/> > <w:SnapToGridInCell/> > <w:WrapTextWithPunct/> > <w:UseAsianBreakRules/> > </w:Compatibility> > <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel> > </w:WordDocument> > </xml><![endif]--> > <STYLE>@page Section1 {size: 595.3pt 841.9pt; margin: 72.0pt 90.0pt = > 72.0pt 90.0pt; mso-header-margin: 35.4pt; mso-footer-margin: 35.4pt; = > mso-paper-source: 0; } > P.MsoNormal { > FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"; = > mso-style-parent: ""; mso-pagination: widow-orphan; = > mso-fareast-font-family: "Times New Roman" > } > LI.MsoNormal { > FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"; = > mso-style-parent: ""; mso-pagination: widow-orphan; = > mso-fareast-font-family: "Times New Roman" > } > DIV.MsoNormal { > FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"; = > mso-style-parent: ""; mso-pagination: widow-orphan; = > mso-fareast-font-family: "Times New Roman" > } > A:link { > COLOR: blue; TEXT-DECORATION: underline; text-underline: single > } > SPAN.MsoHyperlink { > COLOR: blue; TEXT-DECORATION: underline; text-underline: single > } > A:visited { > COLOR: purple; TEXT-DECORATION: underline; text-underline: single > } > SPAN.MsoHyperlinkFollowed { > COLOR: purple; TEXT-DECORATION: underline; text-underline: single > } > SPAN.EmailStyle17 { > COLOR: windowtext; FONT-FAMILY: Arial; mso-style-type: = > personal-compose; mso-style-noshow: yes; mso-ansi-font-size: 10.0pt; = > mso-bidi-font-size: 10.0pt; mso-ascii-font-family: Arial; = > mso-hansi-font-family: Arial; mso-bidi-font-family: Arial > } > SPAN.SpellE { > mso-style-name: ""; mso-spl-e: yes > } > SPAN.GramE { > mso-style-name: ""; mso-gram-e: yes > } > DIV.Section1 { > page: Section1 > } > </STYLE> > <!--[if gte mso 10]> > <style> > /* Style Definitions */=20 > table.MsoNormalTable > {mso-style-name:"Table Normal"; > mso-tstyle-rowband-size:0; > mso-tstyle-colband-size:0; > mso-style-noshow:yes; > mso-style-parent:""; > mso-padding-alt:0cm 5.4pt 0cm 5.4pt; > mso-para-margin:0cm; > mso-para-margin-bottom:.0001pt; > mso-pagination:widow-orphan; > font-size:10.0pt; > font-family:"Times New Roman";} > </style> > <![endif]--></HEAD> > <BODY lang=3DEN-GB style=3D"tab-interval: 36.0pt" vLink=3Dpurple = > link=3Dblue> > <DIV><FONT face=3DTahoma size=3D2><SPAN = > class=3D098473819-09072001>After long=20 > deliberation, we decided to go with Checkpoint on Solaris using SUN = > Hardware not=20 > necessarily for all the technical reasons. Sure it would have been a = > simpler=20 > install or a simpler configuration to use Windows. Certainly, Intel = > hardware=20 > might have been slightly less expensive. But overall I think using this = > > combination provided me with a couple of additional pluses over = > Intel/Windows=20 > combination:</SPAN></FONT></DIV> > <DIV><FONT face=3DTahoma size=3D2><SPAN=20 > class=3D098473819-09072001></SPAN></FONT> </DIV> > <DIV><FONT face=3DTahoma size=3D2><SPAN class=3D098473819-09072001>a) = > The ability to=20 > implement a minimal install of Solaris, reducing the number of = > potential=20 > exploits to a minimum. I'm not at all sure this is possible on any = > version of=20 > Windows without a great deal of effort.</SPAN></FONT></DIV> > <DIV><FONT face=3DTahoma size=3D2><SPAN=20 > class=3D098473819-09072001></SPAN></FONT> </DIV> > <DIV><FONT face=3DTahoma size=3D2><SPAN class=3D098473819-09072001>b) = > Fear factor, we=20 > support ten or twelve firewalls worldwide for the company and it = > helps to=20 > have something mostly deemed as "too complicated" for the mere mortal. = > Using=20 > Windows tends to invite a "hey why can't I look at..." question from = > end=20 > users.</SPAN></FONT></DIV> > <DIV><FONT face=3DTahoma size=3D2><SPAN=20 > class=3D098473819-09072001></SPAN></FONT> </DIV> > <DIV><FONT face=3DTahoma size=3D2><SPAN class=3D098473819-09072001>c) = > Standard=20 > support, yes, I've been guilty of plugging in a 220volt power cord = > while the=20 > power config switch was set to 110volts. Ouch... but the Sun support = > guys (for a=20 > price) had a new powersupply over to me within = > hours.</SPAN></FONT></DIV> > <DIV><FONT face=3DTahoma size=3D2><SPAN=20 > class=3D098473819-09072001></SPAN></FONT> </DIV> > <DIV><FONT face=3DTahoma size=3D2><SPAN class=3D098473819-09072001>d) = > Universal=20 > buy-in, providing this service to so many remote sites in different = > countries=20 > required us to use something everyone would accept. Sun, Solaris and = > Checkpoint=20 > provided that politically correct platform.</SPAN></FONT></DIV> > <DIV><FONT face=3DTahoma size=3D2><SPAN=20 > class=3D098473819-09072001></SPAN></FONT> </DIV> > <DIV><FONT face=3DTahoma size=3D2><SPAN=20 > class=3D098473819-09072001>Dan</SPAN></FONT></DIV> > <DIV><FONT face=3DTahoma size=3D2><SPAN=20 > class=3D098473819-09072001></SPAN></FONT> </DIV> > <DIV><FONT face=3DTahoma size=3D2>-----Original = > Message-----<BR><B>From:</B> Matthew=20 > Isaacs [mailto:[EMAIL PROTECTED]]<BR><B>Sent:</B> Monday, July 09, = > 2001 1:13=20 > PM<BR><B>To:</B> [EMAIL PROTECTED]<BR><B>Subject:</B> What is=20 > best...<BR><BR></DIV></FONT> > <BLOCKQUOTE dir=3Dltr style=3D"MARGIN-RIGHT: 0px"> > <DIV class=3DSection1> > <P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20 > style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">With fear of starting a = > barrage of=20 > emails.... Or sounding ignorant but would like to get feed back from = > some=20 > people with experience in wide range of=20 > scenarios.<o:p></o:p></SPAN></FONT></P> > <P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20 > style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = > Arial"><o:p> </o:p></SPAN></FONT></P> > <P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20 > style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Looking at firewalls, = > what I'd=20 > like to know is what the best scenario is, <SPAN = > class=3DGramE>Please</SPAN> no=20 > personal opinions.<o:p></o:p></SPAN></FONT></P> > <P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20 > style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = > Arial"><o:p> </o:p></SPAN></FONT></P> > <P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20 > style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">CP FW -1 4.1 running on = > Solaris=20 > with SUN hardware<o:p></o:p></SPAN></FONT></P> > <P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20 > style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">CP FW -1 4.1 running on = > Solaris=20 > with Intel hardware<o:p></o:p></SPAN></FONT></P> > <P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20 > style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">CP FW -1 4.1 running on = > > Windows<o:p></o:p></SPAN></FONT></P> > <P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20 > style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Any other <SPAN=20 > class=3DSpellE>fw</SPAN> running on <SPAN class=3DSpellE><SPAN=20 > class=3DGramE>intel</SPAN></SPAN><o:p></o:p></SPAN></FONT></P> > <P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20 > style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = > Arial"><o:p> </o:p></SPAN></FONT></P> > <P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20 > style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Currently running CP = > FW-1 4.1 on=20 > <SPAN class=3DSpellE>solaris</SPAN> with Sun hardware is currently = > <SPAN=20 > class=3DSpellE><SPAN class=3DGramE>cpu</SPAN></SPAN>=20 > bound.<o:p></o:p></SPAN></FONT></P> > <P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20 > style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = > Arial"><o:p> </o:p></SPAN></FONT></P> > <P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20 > style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Need to be able to = > manage=20 > Bandwidth as well either from same box or possible=20 > another.<o:p></o:p></SPAN></FONT></P> > <P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20 > style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = > Arial"><o:p> </o:p></SPAN></FONT></P> > <P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20 > style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Sites where there is = > some data=20 > showing tests etc would be good...<o:p></o:p></SPAN></FONT></P> > <P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20 > style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = > Arial"><o:p> </o:p></SPAN></FONT></P> > <P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20 > style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = > Arial">Matthew<o:p></o:p></SPAN></FONT></P></DIV></BLOCKQUOTE></BODY></H= > TML> > > ------_=_NextPart_001_01C108AF.B057D610-- > > --__--__-- > > Message: 8 > Date: Mon, 9 Jul 2001 16:09:47 -0400 (EDT) > From: Zachary Uram <[EMAIL PROTECTED]> > To: Dan McGinn-Combs <[EMAIL PROTECTED]> > Cc: "'Matthew Isaacs'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED] > Subject: RE: What is best... > > > @page Section1 {size: 595.3pt 841.9pt; margin: 72.0pt 90.0pt > > 72.0pt 90.0pt; mso-header-margin: 35.4pt; mso-footer-margin: 35.4pt; > > mso-paper-source: 0; } P.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0cm0cm > > 0pt; FONT-FAMILY: "Times New Roman"; mso-style-parent: ""; > > mso-pagination: widow-orphan; mso-fareast-font-family: "Times > > New Roman"} LI.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0cm 0cm > > 0pt; FONT-FAMILY: > [SNIP] > > Huh? What is all that junk? Please post in plain ASCII > text. Thanks. > > Regards, > Zach > > [EMAIL PROTECTED] > "Blessed are those who have not seen and yet have faith." - John 20:29 > > > --__--__-- > > Message: 9 > Date: Mon, 09 Jul 2001 22:23:24 +0200 > From: Axel Eble <[EMAIL PROTECTED]> > Organization: Entropy Productions, Inc. > To: Slade Edmonds <[EMAIL PROTECTED]> > Cc: [EMAIL PROTECTED] > Subject: Re: Stonegate Firewall ( what do you think? ) > > Slade Edmonds wrote: > > > I wanna know what people out there think about the Stonegate Firewall > > product. Is it good? Do people actually use it? Are there people that > > *dont't* like it? Etc. Etc. > > > What I saw at the CeBIT looked quite interesting. Stonesoft didn't want > to give me a demo version though. They only sent me some Word document > where I'm supposed to enter some contact data. Alas, I can't open it > because I'm using Linux :-) > > The nice thing about it is the integrated SB Full Cluster and that it > runs under Linux. > > Apart from that: if they sent me a demo CD I would test it... > > Regards, > > Axel > > > > > -- > Axel Eble * Aussiger Str. 7 * 63110 Rodgau * Germany > eSecurity * interNetworking * consulting > fon: +49 6106 646288 * fax: +49 6106 646287 * cell: +49 178 2853265 > email: [EMAIL PROTECTED] * [EMAIL PROTECTED] > > > > --__--__-- > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls > > > End of Firewalls Digest --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.263 / Virus Database: 135 - Release Date: 6/22/01 _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
