You are talking about their Brick Firewall? LMF is a service provided by
Lucent, not a firewall appliance/technology. I believe Firewall-1's feature
set is better.
How exactly does it operate as a bridge? Can you be specific? They claim
stateful packet inspection (that implies the network layer). Are you
refering to their proxy stuff?
On the other hand, I agree a bridge that would be a router with no address
makes me wonder...
Cheers,
Craig
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 07, 2001 8:06 PM
To: [EMAIL PROTECTED]
Subject: [FW1] why not a bridge? (and hot air)
What a lot of hot air.
Rather than debating this theoretically, take a close look at the
Lucent Managed Firewall (LMF).
It's a high-end, high-capacity, very smart, very powerful, IP firewall
which does pretty much everything Firewall-1 can do (plus a number of
very interesting unique capabilities) and does it all as a BRIDGE.
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 07, 2001 9:09 AM
> To: [EMAIL PROTECTED]
> Subject: FW: RE: [FW1] why not a bridge?
>
>
>
> I actually built a prototype firewall based on bridging technology, so
> it certainly can be done. The nice thing about building it
> into a bridge,
> is ZERO network configuration is required. This is great for
> things like
> the consumer market (aka cable modems, etc). Just plug the
> box in between
> the cable modem and your PC - no additional addresses needed,
> no network
> configuration needed, just go. Of course you still need to configure
> firewall functions....
>
> -Jon Allen
>
>
> >Date: Fri, 26 Jan 2001 15:56:52 -0500 (EST)
> >From: [EMAIL PROTECTED]
> >Subject: RE: [FW1] why not a bridge?
> >
> >Andrew,
> >
> >I hate to say this, but... try thinking outside the box!
> Just because the
> >bridge you bought ten years ago doesn't have the
> functionallity that I am
> >suggesting doesn't mean that it shouldn't be done! Or tried atleast.
> >
> >I am not mistaking anything, I just think that it would be
> more secure if
> >the firewall was transparent.
> >
> >Does checkpoint RELY on packets going form one subnet to anyother? I
> >don't see why/ If I have a two port FW that is running as a
> bridge then
> >I don't see why checkpoint couldn't handle it.
> >
> >On Fri, 26 Jan 2001 [EMAIL PROTECTED] wrote:
> >
> >> no no no no no
> >>
> >> the point of a bridge is that it works at the datlink layer not the
> network
> >> layer. ie a bridge knows NOTHING about IP. So any IP
> inspection can not
> be
> >> done by a true bridge.
> >
> > SO it can't inspect anything
> >
> > Also DO not get bridging confused with packet address
> translation (PIX)
> >
> > Checkpoint expects packets to move from one IP subnet to
> another so you
> will
> > not be able to bridge.
> >
> > Any way what's so hard about routing.
> >
> > Andrew Shore
> > BTcd
> > Information Systems Engineering
> > Internet & Multimedia
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: 26 January 2001 16:06
> > To: [EMAIL PROTECTED]
> > Subject: RE: [FW1] why not a bridge?
> >
> >
> >
> > First, I had tonnes of people let me know that lucents fw
> always works(or
> > can work?) as a bridge.
> >
> > Second, I don't imagine it would be too hard to write
> bridging software
> > that actually does inspect the TCP/IP stack. I mean if you
> take a closer
> > look at how checkpoint says they examine packets, they do it
> > already. Checkpoint software itself does not route packets. I
> > wonder... If I installed bridging software on my linux box, would
> > checkpoint still work? I think I might try that...
> >
> > anyone think of a reason why it wouldn't work? anyone
> think of a reason
> > why I wouldn't want to do this?
> >
> > What do you think?
> > --Paul
>
>
>
> ==============================================================
> ==================
> To unsubscribe from this mailing list, please see the
> instructions at
> http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
>
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
