Currently we have firewall rules for the Cisco WiSM to communicate with a Controller in the DMZ for a mobility anchor for our guest network. The communication between the two devices is going through our Check Point firewall. The communication, I found, based on the SmartView Monitor logs, is EtherIP (Protocol 97). We have the rule on the firewall set for "Any" because Cisco wasn't very explicit in the documentation as to what it needed.
I was wondering if anyone had any information on securing this across the security gateway. I want to be able to just allow the minimum necessary, so I was going to create a new Other service for IP Protocol 97, but since it only connects ONCE and stays connected I wonder if the virtual session timeout will be reached (note, the traffic NEVER stops, and this rule has been the highest user since we allowed the traffic in the tens of Mbs). We already have whichever TCP/UDP ports Cisco *did* mention in a separate rule, and it seems like they're being used. I really just want to secure the "Any" rule for just Protocol 97.

--
Thanks,
E. Recio

MAC user's dynamic debugging list evaluator? Never heard of that.
