>Actually, a PIX box already simplifies your filter rules,
sure, "stateful packet filtering" has been the state of the art for a
couple of years now.
Every packet filtering pkg does that, even the free stuff like
ipfilter and ipfw for FreeBSD, ipchains for Linux.
I'm talking about not passing "uncessary" DNS MX lookups and
world-wide SMTP traffic across PIX, but only between the Imail on the
inside and the bastion mail host on the outside which then
receives/delivers mail with internet for Imail, including DNS
lookups. So the only smtp allowed across pix is imail to bastion,
maknig the firewall tigther, and less traffic.
Len
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
