Hi,
You really should get hold of some FW1 documentation. This is almost the
first thing covered in the CCSA course.
Basically, a drop will just drop packets. It'll appear to anyone sending the
packets that they are falling into a vacuum or black hole. Nothing is sent
back to let the person know that the packets have been dropped. This is more
than likely the better one to choose in almost all cases. It doesn't shout
*FIREWALL* at them or give them any hint as to what is wrong and the less
information you give the world outside - the better.
A reject will reject their packet and send a packet back telling them that
they have been rejected. This is to be used when time is important. In the
case of 'drop' their computer will keep sending packets not knowing that
there is a problem. In the case of 'reject' it will know there is a problem
and stop sending packets.

When in doubt use 'drop'.

Regards,

Allen Baranov
BCom(IS)
CCSE
Logical
Direct Tel No: +27 11 722 5657
Email: [EMAIL PROTECTED]

www.logical.co.za
----- Original Message -----
From: Slava Shubinsky <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 10, 2000 5:53 PM
Subject: [FW1] drop vs reject...


> Could someone please explain the difference between drop and reject and when
> should each be used?
>
> Thanks!
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
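
The sender-side difference described in the reply above, as an added example that is not part of the original message: a small model of one TCP connection attempt against a rule that drops or rejects the SYN. The timer values (1 s initial timeout that doubles, 6 retransmissions as in the Linux default), the round-trip time and the reset-style reply are assumptions made for the illustration.

```python
"""Model of a TCP client's connection attempt through a firewall rule
that either drops or rejects the SYN. Constructed illustration."""
from dataclasses import dataclass

# Assumed client parameters (not from the original message):
INITIAL_RTO = 1.0   # seconds before the first SYN retransmission
SYN_RETRIES = 6     # retransmissions before giving up (Linux default)
RTT = 0.05          # constructed round-trip time to the firewall, seconds


@dataclass
class Outcome:
    syns_sent: int
    elapsed: float      # seconds until the application gets an error
    error: str          # what connect() reports to the application


def firewall(action, packet):
    """Return the firewall's reply to a packet, or None for silence."""
    if action == "drop":
        return None                 # nothing goes back to the sender
    if action == "reject":
        return "RST"                # assumed form of the rejection notice
    raise ValueError(f"unknown action: {action}")


def connect_through(action):
    """Simulate one connect() against a rule with the given action."""
    elapsed, rto = 0.0, INITIAL_RTO
    for attempt in range(1 + SYN_RETRIES):
        reply = firewall(action, "SYN")
        if reply == "RST":
            # The sender learns of the problem and stops at once.
            return Outcome(attempt + 1, elapsed + RTT, "ECONNREFUSED")
        elapsed += rto              # wait out the timer, then retransmit
        rto *= 2                    # exponential backoff
    return Outcome(1 + SYN_RETRIES, elapsed, "ETIMEDOUT")


if __name__ == "__main__":
    for action in ("drop", "reject"):
        print(action, connect_through(action))
```

Under these assumptions the dropped attempt costs the sender seven SYNs and 127 seconds before it gives up, while the rejected attempt fails after one SYN and one round trip.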


