Wednesday, July 27, 2005

firewall-wizards digest, Vol 1 #1642 - 6 msgs

Send firewall-wizards mailing list submissions to
firewall-wizards@honor.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@honor.icsalabs.com

You can reach the person managing the list at
firewall-wizards-admin@honor.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."

Today's Topics:

1. Re: Internet accessible screened subnet - use public or private IPs? (Marcus J. Ranum)
2. RE: Internet accessible screened subnet - use public or private IPs? (Marcus J. Ranum)
3. RE: Internet accessible screened subnet - use public or private IPs? (Behm, Jeffrey L.)
4. RE: Best CheckPoint on BladeFusion,Alteon,Crossbeam, etc? (Paul Melson)

--__--__--

Message: 1
Date: Mon, 25 Jul 2005 21:40:57 -0400
To: Victor Williams <vbwilliams@neb.rr.com>,
David Lang <david.lang@digitalinsight.com>
From: "Marcus J. Ranum" <mjr@ranum.com>
Subject: Re: [fw-wiz] Internet accessible screened subnet - use public or private IPs?
Cc: Dave Piscitello <dave@corecom.com>,
firewall-wizards@honor.icsalabs.com

Victor Williams wrote:
>The whole reason NAT was implemented was because of a very finite (and quickly running out supply, depending on who you ask) number of publicly routable IP addresses.

Actually, it wasn't. That was something on the horizon, but at the time when
we first started selling firewalls IP addresses were still fairly easy to get.

The first firewalls I built offered NAT (inherent in the design and then later via
"Proxy transparency" in Gauntlet) because a lot of the early firewall customers
had IP address ranges that they had picked out of a hat. Only a very few
sophisticated customers had internal routing. A lot of Sun customers were
using Sun's address range because that's what SunOS' install offered as a
default suggestion.

So, you have a FORTUNE-big firm that just plunked down $75,000 for
an Internet gateway. Your choice is: re-address their network or NAT
their traffic. Hmmmm... Let me think about that...

It also didn't hurt that back in those days most customers actually were
more concerned with security than they are now. So, when you explained
to them that there was no IP routed between their network and the
Internet, and that the firewall represented a controlled topological gateway
between 2 incompatible networks, they "got it." Of course most of those
old-school security admins have long since been overruled, outmaneuvered,
and moved into other chains of command so that they no longer
Impede Progress.

mjr.

--__--__--

Message: 2
Date: Mon, 25 Jul 2005 21:44:10 -0400
To: <lordchariot@earthlink.net>,
<firewall-wizards@honor.icsalabs.com>
From: "Marcus J. Ranum" <mjr@ranum.com>
Subject: RE: [fw-wiz] Internet accessible screened subnet - use public or private IPs?

lordchariot@earthlink.net wrote:
>What about when IPv6 becomes predominant on the net?

Don't worry, you'll be dead of old age before THAT happens.

mjr.

--__--__--

Message: 3
Subject: RE: [fw-wiz] Internet accessible screened subnet - use public or private IPs?
Date: Tue, 26 Jul 2005 08:51:06 -0500
From: "Behm, Jeffrey L." <BehmJL@bvsg.com>
To: <sanford.reed@reed-assoc-llc.com>,
<firewall-wizards@honor.icsalabs.com>

From: Sanford Reed
> 2. DNS - This is where most of the problems lay. Due to the time
> (3 to 5 days) needed for DNS changes to propagate you could
> have some connectivity issues unless you can 'mirror' the
> Public services onto both address subnets for a short period.

Or plan enough ahead (i.e. greater than your current TTL) and lower the
TTL in your affected DNS zones to make the propagation faster (at the
expense of more DNS queries due to the lower TTL).

Jeff
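Worked example of the TTL-lowering schedule Jeff describes (added here; not code from the digest or from any poster). It assumes a constructed three-record zone with hypothetical hostnames and RFC 5737 test addresses, and computes, for each record, the latest moment its TTL must already have been lowered so that no resolver still holds the old long-TTL answer at cutover.

```python
"""Plan a DNS TTL lowering ahead of a renumbering cutover (added example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Record:
    name: str
    ttl: int      # seconds
    rtype: str
    rdata: str

# Constructed sample zone lines: hypothetical hosts, RFC 5737 test addresses.
SAMPLE_ZONE = """\
www.example.com.   86400 IN A 192.0.2.10
mail.example.com.  3600  IN A 192.0.2.25
ftp.example.com.   7200  IN A 192.0.2.30
"""
CUTOVER = datetime(2005, 8, 1, 0, 0)        # constructed cutover time
LOWERED_AT = {                               # constructed change log
    "www.example.com.": datetime(2005, 7, 30, 0, 0),
    "mail.example.com.": datetime(2005, 7, 31, 22, 0),
    "ftp.example.com.": datetime(2005, 7, 31, 22, 30),
}

def parse_zone(text: str) -> list:
    """Parse 'name ttl IN type rdata' lines into Record objects."""
    recs = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "IN":
            raise ValueError(f"unrecognised record line: {line!r}")
        recs.append(Record(parts[0], int(parts[1]), parts[3], parts[4]))
    return recs

def lower_ttl_deadline(rec: Record, cutover: datetime) -> datetime:
    """A resolver that fetched the old answer just before the lowering keeps
    it for rec.ttl seconds, so the TTL must be lowered at least rec.ttl
    (the current TTL) before cutover."""
    return cutover - timedelta(seconds=rec.ttl)

def schedule(recs, cutover, low_ttl=300):
    """(name, deadline-for-lowering, new short TTL) tuples, earliest first."""
    plan = [(r.name, lower_ttl_deadline(r, cutover), low_ttl) for r in recs]
    return sorted(plan, key=lambda p: p[1])

def lowered_too_late(recs, lowered_at, cutover):
    """Names whose TTL was lowered after its deadline (or not at all):
    old answers may still be cached at cutover."""
    return [r.name for r in recs
            if lowered_at.get(r.name) is None
            or lowered_at[r.name] > lower_ttl_deadline(r, cutover)]
```

Once the new addresses have been live for the short TTL, raise the TTLs back to their normal values so the query load Jeff mentions does not persist.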

--__--__--

Message: 4
From: "Paul Melson" <pmelson@gmail.com>
To: "'Emily Conrad'" <emilydconrad@hotmail.com>,
<firewall-wizards@honor.icsalabs.com>
Subject: RE: [fw-wiz] Best CheckPoint on BladeFusion,Alteon,Crossbeam, etc?
Date: Tue, 26 Jul 2005 09:54:48 -0400

I'm certain that if you contact each of the vendors listed below they all
have a white paper indicating that their product performs best. :)

I keep going back to it (like a broken record), but talk to any SE at Check
Point and you will hear the same thing - Secure Platform is their platform
of choice. In all seriousness, if you are unwavering from Check Point, then
choose Check Point, and get them involved in your planning process. They
get paid no matter whose hardware you buy.

PaulM

-----Original Message-----
Subject: [fw-wiz] Best CheckPoint on BladeFusion,Alteon,Crossbeam, etc?

Hi,

Does anyone know of a review that analyses where CheckPoint runs best, on
platforms such as BladeFusion, Alteon, Crossbeam Systems, etc.?

--__--__--

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

End of firewall-wizards Digest