Firewall Wizards mailing list archives

Re: Symantec Enterprise firewalls


From: "Bill Royds" <broyds () rogers com>
Date: Fri, 11 Apr 2003 20:03:15 -0400

To use the firewall effectively, you have to get a handle on the structure
they implement.
It is NOT an ACL-list type firewall but is based more on sets and relations on
objects.
One defines entities to correspond with subsets of the IP space, services of
the TCP/UDP space and interfaces on the firewall.
Firewall rules are then created based on tuples of (source-entity,source
interface,service set,destination-interface, dest-entity,action,
conditions). The firewall applies these rules to an attempted connection by
how closely the attempt matches one of these rules.  But it is also
fairly easy to make a new rule that unintentionally overrides other rules.
Keeping track of the security policy that you are actually implementing is
non-trivial after many modifications to the rule set. I would suggest that
you really review your policy before trying to implement it in a firewall
rule set.
   Because of this, it is also a fair pain to manage many firewalls, as
there is not an easy way to maintain a master rule set that is modified for
multiple machines.
  As Volker says, it is also a quite strict application level gateway, and
won't let applications get away with violating the protocol rules. For
example, it nicely blocks all the WebDAV command set by default (but can
allow specific commands).
It is a fairly large chunk of code, so there have been a few bugs found,
although mostly in following the RFCs for a protocol closely enough that some
things the RFC allows (FTP relaying) were permitted, but should not be
allowed for security.



----- Original Message -----
From: "dave" <dave () netmedic net>
To: <firewall-wizards () honor icsalabs com>
Sent: Thursday, April 10, 2003 10:50 PM
Subject: [fw-wiz] Symantec Enterprise firewalls


: Hello,
:
: Does anyone have any basic configurations and Do's/Don'ts for Symantec
: Enterprise firewalls?
:
: Dave
:
:
:
: ______________________
: Dave Kleiman
: dave () netmedic net
: www.netmedic.net
:
:
:
:
: _______________________________________________
: firewall-wizards mailing list
: firewall-wizards () honor icsalabs com
: http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
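The rule structure Bill describes above (rules as tuples over named entities, service sets and interfaces, with the closest-matching rule deciding a connection) is easy to model, and doing so is one way to check a policy before it goes into the real rule base, in particular to see which existing decisions a new rule silently overrides. The following Python is an added illustration written for this archive, not Symantec code and not code from the thread: the entity and service names, the sample connections, the "most specific rule wins" tie-breaker and the specificity scoring are all assumptions of this toy model, not the product's documented matching semantics.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = "*"  # wildcard for an interface or service slot

# Entities: named subsets of the IP space (constructed sample data).
ENTITIES = {
    "Universe": [ipaddress.ip_network("0.0.0.0/0")],
    "Internal": [ipaddress.ip_network("10.0.0.0/8")],
    "DMZ": [ipaddress.ip_network("192.0.2.0/24")],
    "WebSrv": [ipaddress.ip_network("192.0.2.10/32")],
}
# Service sets: named subsets of the (proto, port) space (constructed).
SERVICES = {
    "ssh": frozenset({("tcp", 22)}),
    "web": frozenset({("tcp", 80), ("tcp", 443)}),
}


@dataclass(frozen=True)
class Rule:
    """One rule tuple in the form Bill lists (the 'conditions' slot is omitted)."""
    name: str
    src_entity: str
    src_iface: str
    service: str      # key of SERVICES, or ANY
    dst_iface: str
    dst_entity: str
    action: str       # "allow" or "deny"


@dataclass(frozen=True)
class Conn:
    """An attempted connection as the firewall sees it."""
    src_ip: str
    src_iface: str
    proto: str
    dport: int
    dst_iface: str
    dst_ip: str


def _prefix_len(entity: str, ip: str) -> Optional[int]:
    """Longest prefix length among the entity's networks containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    lens = [n.prefixlen for n in ENTITIES[entity] if addr in n]
    return max(lens) if lens else None


def specificity(rule: Rule, conn: Conn) -> Optional[int]:
    """Score how tightly rule fits conn (higher = more specific); None if no match.
    Assumed scoring: longer prefixes, pinned interfaces and smaller service sets
    all make a rule more specific."""
    score = 0
    for entity, ip in ((rule.src_entity, conn.src_ip), (rule.dst_entity, conn.dst_ip)):
        plen = _prefix_len(entity, ip)
        if plen is None:
            return None
        score += plen
    for want, have in ((rule.src_iface, conn.src_iface), (rule.dst_iface, conn.dst_iface)):
        if want != ANY:
            if want != have:
                return None
            score += 1
    if rule.service != ANY:
        svc = SERVICES[rule.service]
        if (conn.proto, conn.dport) not in svc:
            return None
        score += 100 // len(svc)
    return score


def decide(rules: List[Rule], conn: Conn) -> Tuple[str, Optional[Rule]]:
    """Closest match wins; equal-best rules are flagged 'ambiguous'; no match denies."""
    scored = [(s, r) for r in rules for s in [specificity(r, conn)] if s is not None]
    if not scored:
        return "deny", None
    top = max(s for s, _ in scored)
    winners = [r for s, r in scored if s == top]
    if len(winners) > 1:
        return "ambiguous", None
    return winners[0].action, winners[0]


def overrides(rules: List[Rule], new_rule: Rule, conns: List[Conn]):
    """Connections whose decision changes once new_rule joins the rule set.
    Each entry: (conn, old_action, old_rule_name, new_action, new_rule_name)."""
    changed = []
    for c in conns:
        before, old = decide(rules, c)
        after, new = decide(rules + [new_rule], c)
        if before != after:
            changed.append((c, before, old.name if old else None,
                            after, new.name if new else None))
    return changed


# Constructed rule base: block SSH from outside into the DMZ, allow web to WebSrv.
BASE_RULES = [
    Rule("deny_ssh_from_outside", "Universe", "ext", "ssh", "dmz", "DMZ", "deny"),
    Rule("allow_web_to_websrv", "Universe", "ext", "web", "dmz", "WebSrv", "allow"),
]
# A rule meant for internal admins, but written with Universe and any source interface.
NEW_RULE = Rule("allow_ssh_to_websrv", "Universe", ANY, "ssh", "dmz", "WebSrv", "allow")
SAMPLE_CONNS = [
    Conn("203.0.113.5", "ext", "tcp", 22, "dmz", "192.0.2.10"),   # Internet -> WebSrv ssh
    Conn("203.0.113.5", "ext", "tcp", 443, "dmz", "192.0.2.10"),  # Internet -> WebSrv https
    Conn("10.1.2.3", "int", "tcp", 22, "dmz", "192.0.2.10"),      # Internal -> WebSrv ssh
]

if __name__ == "__main__":
    for c, before, old, after, new in overrides(BASE_RULES, NEW_RULE, SAMPLE_CONNS):
        print(f"{c.src_ip}/{c.src_iface} -> {c.dst_ip}:{c.dport}: {before} ({old}) -> {after} ({new})")
```

Run as a script, the report shows the intended change (internal SSH to WebSrv now allowed) next to the unintended one: the more specific WebSrv destination lets the new rule outscore the deny that covered the whole DMZ, so SSH from the Internet flips from deny to allow. A rule base reviewed only as a list of tuples does not show that; replaying a set of representative connections before and after each change does.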