> Can I force to check each and every packet against the rule base and
> not the connection table. I know it will hurt the performance of the
> fw but I have an obscure need to do it this way. If this can be done,
> is this a global setting or can I enable it per rule?
What are you really trying to accomplish? What functionality do you hope to
gain by forcing each packet through the rulebase? Depending on what it is,
there's probably a better way to accomplish this.
Eliminating FireWall-1's "state" mechanisms reduces FireWall-1 effectiveness
as a firewall. Assuming this could easily be done, I would not recommend
such a thing.
-- PhoneBoy
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
