Wouldn't that only be if someone is actually ON the firewall box itself?
In our case nobody is..
Scott J. Friedman
Senior Systems Administrator
Microsoft Certified Systems Engineer
Email : [EMAIL PROTECTED]
Phone : 313-253-3656
Cell Phone : 313-220-6916
AOL IM : SJF403
-----Original Message-----
From: Lupinum [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 14, 2000 1:32 PM
To: Scott Friedman
Cc: 'Padden, Greg'; '[EMAIL PROTECTED]'
Subject: Re: [FW1] Inbound, outbound, or eitherbound?
True, but it doesn't check packets from the firewall to internet or
local LAN! So you better trust the firewall and everyone on it
completely.
Lupinum.
Scott Friedman wrote:
> Inbound checks the packet when it gets to the firewallOutbound checks
> it after it has been routed from one NIC to the other before sending
> it outso a packet from the INternet would be checked when it gets to
> the external IF of the firewall. A packet from the local LAN would be
> checked once it hit the internal IF of the firewall.Eitherbound checks
> the packet when it gets to both NIC's, so a packet from the Internal
> LAN to the Net would be checked when it hit the internal IF, then
> routed to the external IF, checked again, then (if accept or encrypt)
> is sent on it's way.I use Inbound always. Eitherbound is double
> checking, double the performance hit. Scott J. Friedman
> Senior Systems Administrator
> Microsoft Certified Systems Engineer
> Email : [EMAIL PROTECTED]
> Phone : 313-253-3656
> Cell Phone : 313-220-6916
> AOL IM : SJF403
>
> -----Original Message-----
> From: Padden, Greg [mailto:[EMAIL PROTECTED]]
> Sent: Monday, August 14, 2000 12:17 PM
> To: '[EMAIL PROTECTED]'
> Subject: [FW1] Inbound, outbound, or eitherbound?
>
> So what are other people using for this Property for
> applying the ruleset to the firewall's interfaces?
>
> I was using Eitherbound, but was told that changing this to
> Inbound would gain me some performance.
>
> Does anybody know any drawback to changing to Inbound?
>
> Network Engineer, MSCE, CCNA
> Information and Telecommunications Services
> King County
> 700 5th Ave, Suite 1800
> Seattle, WA 98104
> (206)263-4804 Fax (206)263-4834
> <<Padden, Greg.vcf>>
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
