Re: [FW-1] Can Checkpoint do this?

Sat, 15 Sep 2007 05:30:14 -0700 

On Sat, 15 Sep 2007, sin wrote:


cisco4ng wrote:

 I have a question for gurus in this forum:

 With Cisco Pix/ASA firewalls, with the right setting like this:

 logging on
 logging timestamp
 logging facility 19
 logging host inside 192.168.1.1
 logging trap 6

 With these settings, hosts from the internal network, when surfing the
 internet, will be logged down to the *.gif images on the Internet that
 they
 visit.  For example, let say someone is surfing playboy.com and looking at
 miss_september.gif image(s), the pix firewall will send that
 back to the syslog server.  Basically the logging is very granular and
 details.
 I am wondering if Checkpoint can do something similar to that.  My
 guess would be no but I would like a confirmation on this.  Thanks.
yes, via an uri resource setup for optimized logging. but it's gonna slowdown the traffic is there is lots of it.
Not only that. You may hit some odd problems on some websites as well. You need a perfectly working DNS server that Check Point can use. It should be able to take a lot of hits or Check Point will slow down on this as well.
But frankly. If you have a serious network I would recommend to use a proxy and let it do the logging for you. Historically we have always seen that customers using resource definitions in Check Point have anywhere between 3 and 10 times as many calls logged.
It is pretty much as with SmartDefense. The more gadgets you add the more problems you get. 

Hugo.

--
        [EMAIL PROTECTED]       http://hugo.vanderkooij.org/
            This message is using 100% recycled electrons.

        Some men see computers as they are and say "Windows"
        I use computers with Linux and say "Why Windows?"
        (Thanks JFK, for this quote of George Bernard Shaw.)

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

Reply via email to