Hi Group,
I know that this is going to be very broad but just bare with me on this one. We
are switching over our firewall router from a bay to a cisco. The cisco one that I am
going to work on is already pre-configured except for access-lists and filters. What
they basically told me is tha
I've got a better ideaget rid of the Checkpoint firewall and let the PIX
handle everything. :-) Seriously, the PIX is a lot beefier machine. I
would reconsider your decision to let the Checkpoint handle the brunt of the
traffic. The PIX can handle far more traffic than the Checkpoint, assu
PIX is wire-speed, hardware based! Checkpoint is based on the box you have
it installed, which could be better than PIX's box... agreed!, but it is
also software based.
CheckPoint does have an embedded hardware based box made by NOKIA, but that
market is not doing so well.
Khalid Khan
"John Neib
Well, that depends.
My first recommendation would be to review your company security policy
which was signed off on by executive management. That policy should list
what types of traffic, ports, etc. your company has deemed necessary and
will allow into their environment. It should also dictate
:28pm, Jim Deane chatted about:
> Subject:Re: What should I block???
> SANS (www.sans.org) usually has some good resources. Here is the direct
> link to their sample security policies:
>
> http://www.sans.org/newlook/resources/policies/policies.htm
>
> Jim
>
>
> "
sk, I have a work station...
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Jim Deane
Sent: Thursday, February 01, 2001 1:28 PM
To: [EMAIL PROTECTED]
Subject: Re: What should I block???
Well, that depends.
My first recommendation would be to review you
--
> A bus station is where a bus stops.
> A train station is where a train stops.
> On my desk, I have a work station...
>
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Jim Deane
> Sent: Thursday, February 01, 2001 1:28
. Last [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 02, 2001 12:14 AM
To: [EMAIL PROTECTED]
Subject: Re: What should I block???
PIX is wire-speed, hardware based! Checkpoint is based on the box you have
it installed, which could be better than PIX's box... agreed!, but it is
also software
2001 3:11 AM
To: [EMAIL PROTECTED]
Subject: RE: What should I block???
Hmmm, I have opened up and configured PIX Firewall box.
Basically it is a motherboard with PCI card.
It is not a hardware firewall.
Personally in term of security, logging, performance and
manageability feature, Chec
Funny that you mentioned that. Right after I dropped the post to the group i
realized that I was thinking backwards like you said. As it turns out, I only
needed to permit 3 addresses and then I was done...easy. Guess I was
over-analyzing, oh well =o)
Mark Z.
In a message dated 2/1/01 7:34:
>PIX is wire-speed, hardware based! Checkpoint is based on the box you have
>it installed, which could be better than PIX's box... agreed!, but it is
>also software based.
>
>CheckPoint does have an embedded hardware based box made by NOKIA, but that
>market is not doing so well.
>
>Khalid Khan
"
ry 01, 2001 1:21 PM
Subject: Re: "Wire speed" (wasRe: What should I block???)
> >I would agree here. Things like maximum concurrent connections and how
many
> >connections/second need to be considered as well. Personally I prefer
> >hardware simply for the stabili
urned the
t-shirt.
- Original Message -
From: "Howard C. Berkowitz" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 01, 2001 11:28 AM
Subject: "Wire speed" (wasRe: What should I block???)
> >PIX is wire-speed, hardware based! Ch
>I would agree here. Things like maximum concurrent connections and how many
>connections/second need to be considered as well. Personally I prefer
>hardware simply for the stability factor. There's nothing like having to go
>reboot the firewall server at 2am...grrr. Been there, done that, bur
14 matches
Mail list logo
