> I would like to understand what is the difference between Manage Service
> and Manage Resources?

A service is the definition of the actual protocol that you want to permit or deny in a rule. The service definition explains to the firewall how to match packets and determine that they fit that protocol.

A resource is a further refinement on what you can do with the rules, through the use of FW-1's understanding of certain protocols. It allows you to apply additional restrictions and/or perform virus checks, etc.

> For eg I can see FTP as the service and as the
> resource?

So to take FTP as the example, FTP as a service is pure and simple the protocol - you use this in the rulebase if you want to permit FTP access or deny FTP access to a given server or servers.

If you define an FTP resource, it allows you to restrict what the user actually *does* with that FTP access. For example, you might want to ensure that they can only get files from a certain directory, or you might want to ensure that any files that are PUT are virus-checked first through a CVP server.

> And what is the difference between add service and add service
> with resource? When do we need to add service with resource.

The key here is that you cannot use a resource on its own - you have to "bind" it to a service. That is why you have a choice of add service, or add service with resource. Hopefully the explanations I've given above should now make it clear as to when you might want to use "add service with resource".

> Besides, I found we can define the protocol type for all the TCP service.
> For eg we can define the following protocol type for FTP tcp service
> 1)None
> 2)URI 3)SMTP 4)FTP ? Any difference???

You aren't really defining the protocol type for the service - you are defining the sort of resource you want. Since it doesn't make sense to associate an SMTP resource with an FTP service, it is best not to confuse either yourself or the firewall, and stick with like-with-like.

Hope that helps.

--Philip
