A number of services require inspection engine interaction to work,
especially when NAT is used.
See the following reference.
http://www.phoneboy.com/fw1/faq/0305.html
Peter Lukas
On Fri, 19 Jan 2001, Allan Pratt wrote:
> Hi,
>
> What do you mean that any is not always? How is that?
>
> By example, if I have protocol of ANY, that means EVERY protocol, no?
>
> /ap
>
>
>
> ----Original Message Follows----
> From: Peter Lukas <[EMAIL PROTECTED]>
> To: Allan Pratt <[EMAIL PROTECTED]>
> CC: [EMAIL PROTECTED]
> Subject: Re: [FW1] When should ANY be used, if ever?
> Date: Fri, 19 Jan 2001 07:28:05 -0600 (CST)
>
> Remember that "Any" is ANY not always. But, in your case, it may be
> better to use the "negate" function and begin permitting limited access
> that way.
>
> Peter Lukas
>
> On Fri, 19 Jan 2001, Allan Pratt wrote:
>
> >
> > Hi,
> >
> > In the source, destination and protocol fields, should ANY ever be used?
> >
> > I was thinking that it would be better to use inverse points, as an example,
> > suppose you wanted all Internal networks to access the Internet, normally it
> > is written:
> >
> > Internal_Net = Any = Any
> >
> > Would it not be better to not use ANY in the destination and inverse the
> > DMZ.
> >
> > That way it would be Any network BUT the DMZ or whatever should be
> > restricted.
> >
> > Any thought?
> >
> > Thanks,
> >
> > Allan
> >
> > _________________________________________________________________
> > Get your FREE download of MSN Explorer at http://explorer.msn.com
> >
> >
> >
> >
> > ================================================================================
> > To unsubscribe from this mailing list, please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > ================================================================================
> >
>
>
>