At 13:01 Uhr 30.11.1994 -0800, Ken Beames wrote:
>1. How does Firewall-1 handle mail? Does it come with something like TIS's
>From what I understand from the Checkpoint Web Server and promo literature
(remember, Firewall-1 is NOT a Sun product), Firewall-1 is a simple packet
filter. If you want to handle mail, do it yourself.
>2. I have users that need to dial in to get mail, and this means _through_
>the front door of the firewall. (We don't have our own dialup server)
Get one and/or use authentication devices like the ones from Security
Dynamics and Digital Pathways.
>We are using a bunch of different mail servers; not everyone goes to the
>I'd like to pass mail, as well as basic services (ftp, telnet, http), but in
>order to do so securely, (well, as much as possible) I'm of the opinion that
>I'll need access lists a mile long to allow this.
No. Different mail hubs is no problem. Allowing the several applications is
not a problem if you use application gateways, which to my knowledge
Firewall-1 doesn't provide. I'd suggest (and I'm biased :-) that you
contact a vendor that sells a firewall, not a packetfilter.
>the design is a dual screening router with a application filter (sparc with
>something like firewall-1) in between.
You mean that the router filters in- and outbound traffic, don't you? If
so, you essentially have a bastion host design (additional security by
means of the screening router). This design can be hacked (see GE incident
this week). I'd try to install a screened subnet configuration, if
Check the Digital SEAL page :
SEAL docs/kits :
FTPable documents :
Internet Security: Screening External Access Link (SEAL)
Customer Update Article -- May 1994, 2 Pages
Text : /pub/Digital/info/Customer-Update/940509010.txt
Screening External Access Link (SEAL) Consulting Service
Infosheet -- May 1994, 1 Page
Abstract : /pub/Digital/info/infosheet/seal-consulting-service.abs
United States Contact:
Dick Calandrella at 508-496-8626
As I said, I'm biased :-).
All the best
Am Tiergarten 22 Tel.: +49/69/4990880
D-60316 Frankfurt Fax : +49/6103/383-157
Germany privat: maass @
biz.: Joerg .
PGP signature available upon request.