Re: [FW1] Best Practices for managing a firewalls

Wed, 23 Aug 2000 08:02:06 -0700 


It's not that you can't. Or more that you shouldn't.

The idea is, the less your running on the firewall,
the lower the chance of successfully attacking
it.

Does that answer it for you?

Robert

- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n   F o o d    S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]

>>> Joerg Oertel <[EMAIL PROTECTED]> 8/23/00 9:04:42 AM >>>
>
>ON Wed, 23 Aug 2000 08:48:52 -0400, Robert MacDonald wrote:
>
>>It may have been in reference(don't remember)
>>to not running any other applications _on_ the
>>firewall. But instead, use another system to do
>>the anti-vius scanning.
>>
>>Robert
>
>Noone could explain in detail yet, why it's not recommended to run the 
>CVP server on the firewall machine. When you have enough mem (machines 
>never swapping), enough CPU power (over 90% idle time), enough 
>bandwidth in the network (10-15 % utilization) and fast disks (for 
>excessive logging and accounting), where should the bottleneck be?
>
>Sounds to me like a modern urban myth.
>
>Or is there anybody who can provide us with further insight?
>
>Regards,
>
>J�rg
>
>
>// pallas  GmbH  ............  Joerg Oertel  ...........
>   Hermuelheimer Str. 10       System engineer                   
>   D-50321 Bruehl, Germany     [EMAIL PROTECTED]           
>                               phone  +49-(0)2232-1896-0 
>   http://www.pallas.de        fax   +49-(0)2232-1896-29
>........................................................
>>- -
>>Robert P. MacDonald, Network Engineer
>>e-Business Infrastructure
>>G o r d o n   F o o d    S e r v i c e
>>Voice: +1.616.261.7987 email: [EMAIL PROTECTED] 
>>
>>>>> Raymond Cheung <[EMAIL PROTECTED]> 8/23/00 1:58:14 AM >>>
>>>
>>>Dear Sirs,
>>>
>>>This is a reply of the mail "Best Practices for
>>>managing a firewalls" I saw it on the mailing.
>>>
>>>In this topic, there is a point that not run any
>>>anti-virus.  Why ?
>>>
>>>thks,
>>>
>>>Raymond Cheung




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to