Firewall Wizards mailing list archives
RE: comination of checkpoint fw-1 and raptor firewall
From: "Dieter Sarrazyn" <dsr () ascure com>
Date: Wed, 21 Feb 2001 10:21:26 +0100
-----Original Message----- From: Ralf Zessin [mailto:Ralf.Zessin () maxpert de] Sent: donderdag 15 februari 2001 0:33 To: Dieter Sarrazyn; firewall-wizards () nfr com Subject: Re: [fw-wiz] comination of checkpoint fw-1 and raptor firewall Dieter Sarrazyn wrote:Hi, I have some questions concerning the combination of acheckpoint fw-1and a raptor firewall. 1. How would you place the firewalls? First the raptor (and why) or first the checkpoint (and why)? 2. What are the advantages of each setup? 3. Which VPN -client would you use for each setup? Thesecuremote clientor the raptormobile client? Many thanks for all the response!! regards, Dieter Sarrazyn _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizardsFirst, it depends on what you want. In most Cases the raptor will be the one on the Internet-Front. The reason is simple - for normal case for all standard allowed services there are proxies, so you have really an application level fw. The Checkpoint has more flexibility in packet-filtering. Cause mostly between raptor and checkpoint there will be specialized machines for internet purposes and they have to be managed from inside, the grater flexibility of a fw-1 will be here an advantage. Also the checkpoint is great to divide departments. But, this depends heavily on what you or the customer wants in general. For the VPN: The client for the server on the front. Regards, Ralf Zessin
Hi Ralf, Why would you use the client for the server upfront? This way, the 2nd firewall has to let through all traffic of the remote vpn-user (could be a lot of ports you have to open up ...) regards, Dieter _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- comination of checkpoint fw-1 and raptor firewall Dieter Sarrazyn (Feb 01)
- Re: comination of checkpoint fw-1 and raptor firewall Ralf Zessin (Feb 15)
- <Possible follow-ups>
- RE: comination of checkpoint fw-1 and raptor firewall Dieter Sarrazyn (Feb 21)