Gordon, In the rulebase properties you probably havent disabled the options there. If you go to this link you can learn how you disable things in the properties of the rulebase.
http://www.phoneboy.com/faq/0345.html The problem with this is that you then need to add the rules, which you disable in the rulebase properties, in the policy itself. (implicit and explicit rules stuff). Regards, Brenno > -----Original Message----- > From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]] > Sent: dinsdag 26 februari 2002 17:17 > To: [EMAIL PROTECTED] > Subject: Securing the FW-1 Firewall > > Hi All, > > I have FW-1 on Nokia. > I have implemented VRRP as part of the fw-1/Nokia failover solution, and > therefore have both "real" and "virual" addresses for my interfaces. > I have closed the firewall as best as I am allowed (I need to let some > remote systems "ping"), but still the "real" IP address of each interface > is being shown in traceroutes !! What have I missed ? - how do I make > my fw-1 totally anonymous ? > > Just in case I missed anything else, what are the general guidelines for > securing the fw-1 ?? > I have all my management activity limited to a completely separate, > secured > lan and I only have specific rules (ie. the only "any" destinations I have > are either for port 80 or for "drop" actions). I have anti-spoofing set as > recommended, but i do not have SYNdefender active as yet. > Anything else ? ............................. > > Cheers, Gordon > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
