At 10:20 AM 6/6/96 PDT, Dzung Tran wrote:
> >
>> On Wed, 5 Jun 1996, Mike Jones wrote:
>>
>> > In fact, FireWall-1 offers NAT and it's not a proxy firewall. Michael,
>> > you're completely off base on this one.
>>
>> The please explain why Checkpoint advertises Firewall -1 as an
>> application gateway ?
>>
>According to Network Computing Magazine (4/1/96):
>
>".. CheckPoint FireWall-1 uses a powerful scripting language called
>Inspect, which dynamically tracks and examines packets up through the
>application layer. Even though it does not implement proxies in the
>traditional sense, like Gauntlet and CyberGuard, its ability to
>analyze the applicatin data allows CheckPoint to implement many of
>the same capabilities without sacrificing performance.."
Good summary. Firewall-1 uses a Statefull Multilayered Inspection (SMLI)
technique. Inspect is a language that allows quick modifications. The SMLI
engine is a virtual machine that resides within the kernal and examines
packets and makes allow/dis-allow decisions based on the rule set and the
state table.
Very kewl.
Richard Stiennon richards @
netrex .
com
Director, Business Development www.netrex.com/richard
Netrex, Inc. Voice: 810-352-9643
3000 Town Center, Suite 1100 Fax: 810-352-2375
Southfield, MI 48075
|
|
