> 1. The first one is easy. Anything from the internal > network is allowed > outbound to the Internet. > " > > I must say that I disagree in this. Allowing everything from internal > networks to internet is not a very good idea IMHO. Only > accept what you > need, not things that could be nice to have.
This policy made pretty good sense before about 1995, when the number of installed components that would initiate outbound connections without the user's knowledge was tiny, and the number of user services/destinations contrary to enterprise policy was low. Both categories have exploded since then, and continue to do so. This policy is obsolete. David Gillett ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
