Firewall Wizards mailing list archives
Re: Symantec Enterprise firewalls
From: "Bill Royds" <broyds () rogers com>
Date: Fri, 11 Apr 2003 20:03:15 -0400
To use the firewall effectively, you have to get a handle around the structure they implement. It is NOT an ACL list type firewall but more based on sets and relations on objects. One defines entities to correspond with subsets of the IP space, services of the TCP/UDP space and interfaces on the firewall. Firewall rules are then created based on tuples of (source-entity, source interface, service set, destination-interface, dest-entity, action, conditions). The firewall applies these rules to an attempted connection by how closely the attempt matches one of these rules.

But it is also fairly easy to make a new rule that unintentionally overrides other rules. Keeping track of the security policy that you are actually implementing is non-trivial after many modifications to the rule set. I would suggest that you really review your policy before trying to implement it in a firewall rule set. Because of this, it is also a fair pain to manage many firewalls, as there is not an easy way to maintain a master rule set that is modified for multiple machines.

As Volker says, it is also a quite strict application level gateway, and won't let applications get away with violating the protocol rules. For example, it nicely blocks all the WebDAV command set by default (but can allow specific commands). It is a fairly large chunk of code so there have been a few bugs found, although mostly in following the RFCs for a protocol close enough that some things were allowed (FTP relaying) that the RFC allows, but should not be allowed for security.

----- Original Message -----
From: "dave" <dave () netmedic net>
To: <firewall-wizards () honor icsalabs com>
Sent: Thursday, April 10, 2003 10:50 PM
Subject: [fw-wiz] Symantec Enterprise firewalls

: Hello,
:
: Does anyone have any basic configurations and Do's/Don'ts for Symantec
: Enterprise firewalls?
:
: Dave
:
: ______________________
: Dave Kleiman
: dave () netmedic net
: www.netmedic.net
:
: _______________________________________________
: firewall-wizards mailing list
: firewall-wizards () honor icsalabs com
: http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
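Added example, not part of the original post and not Symantec's code: a small Python model of the tuple-based rules described in the message above, used to diff the decisions of a rule set before and after a change so that an unintended override shows up for review. The closeness scoring, the entity names, the addresses and the rule names are constructed assumptions, and the "conditions" field of the tuple is left out.

```python
import ipaddress
from collections import namedtuple

# Constructed entities: names for subsets of the IP space.
ENTITIES = {name: ipaddress.ip_network(net) for name, net in {
    "lan": "10.1.0.0/16", "finance": "10.1.20.0/24",
    "helpdesk": "10.1.20.0/26", "dmz-web": "192.0.2.10/32"}.items()}

# The post's tuple, without "conditions" to keep the model small.
Rule = namedtuple("Rule", "name src src_if services dst_if dst action")
Conn = namedtuple("Conn", "src src_if service dst_if dst")

def closeness(rule, conn):
    """Sortable score, or None when the rule does not match.
    ASSUMPTION: narrower entities and smaller service sets are 'closer'."""
    s, d = ENTITIES[rule.src], ENTITIES[rule.dst]
    if (ipaddress.ip_address(conn.src) not in s
            or ipaddress.ip_address(conn.dst) not in d
            or conn.service not in rule.services
            or (conn.src_if, conn.dst_if) != (rule.src_if, rule.dst_if)):
        return None
    return (s.prefixlen + d.prefixlen, -len(rule.services))

def decide(rules, conn):
    """(action, rule name) of the closest match; deny when nothing matches."""
    hits = [(closeness(r, conn), r) for r in rules]
    hits = [(score, r) for score, r in hits if score is not None]
    if not hits:
        return ("deny", None)
    best = max(hits, key=lambda h: h[0])[1]
    return (best.action, best.name)

def changed_decisions(old_rules, new_rules, probes):
    """Probe connections whose outcome differs between two rule sets."""
    return [(p.src, decide(old_rules, p), decide(new_rules, p))
            for p in probes if decide(old_rules, p) != decide(new_rules, p)]

WEB = frozenset({"http", "https"})
BASE = [Rule("lan-web", "lan", "inside", WEB, "dmz", "dmz-web", "allow"),
        Rule("finance-block", "finance", "inside", WEB, "dmz", "dmz-web", "deny")]
# Later change: helpdesk PCs (which sit inside the finance range) get web access.
CHANGED = BASE + [Rule("helpdesk-web", "helpdesk", "inside", WEB, "dmz", "dmz-web", "allow")]
PROBES = [Conn(ip, "inside", "http", "dmz", "192.0.2.10")
          for ip in ("10.1.5.5", "10.1.20.5", "10.1.20.200")]

if __name__ == "__main__":
    for src, before, after in changed_decisions(BASE, CHANGED, PROBES):
        print(f"{src}: {before} -> {after}")
```

Running the same probe set before and after every rule change gives a record of which connections changed outcome, which is the policy review the post recommends.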
Current thread:
- Symantec Enterprise firewalls dave (Apr 11)
- Re: Symantec Enterprise firewalls Volker Tanger (Apr 11)
- Re: Symantec Enterprise firewalls Bill Royds (Apr 11)