You were misinformed!
_ming
On Tue, 3 Feb 1998, Scott Robert Lenz wrote:
->Is this on an NT server? If so, IP forewarding opens up a large hole inside
->any security perimeter. Although I am not familiar enough with Checkpoint
->to know how it intercepts packets, I am surprised that they say that
->forewarding must be active. Even Microsoft states that when using thier MS
->proxy server, that IP forewarding MUST be disabled.
->
->
->
->-----Original Message-----
->From: Kunal Choudhary [SMTP:kunalc @
access .
digex .
net]
->Sent: Tuesday, February 03, 1998 8:01 AM
->To: Firewalls @
GreatCircle .
COM
->Subject: Re: Firewalls-Digest V7 #51
->
->Hi all,
->
->I've been told by Checkpoint support that v3.0b needs ip forwarding
->turned on at the bastion host to work. The assure me that this is
->completely safe, since the firewall inspects all packets anyway. I find
->this surprising, esp considering that v2.1 never required this. Any
->feedback will be appreciated.
->
->Thanks
->
->Kunal Choudhary
->
============================================================================
Ming Lu Email: mlu @
hq .
si .
net
Network Tech Consulting Engineer Phone: 703-689-5290 (w)
Engineering Division 703-855-4194 (m)
Global One Telecommunications, LLT. 703-689-6575 (f)
============================================================================
"Do not pay attention to every word people say, or you may hear your
servant cursing you ---- for you know in your heart that many times you
yourself have cursed others."
References:
|
|
