Checkpoint's supported services

[Jeromie Jackson <jeromie () garrison com>]

        Upon review of various configuration programs within Firewall-1 it became
quite apparent that the large number of supported services on Firewall-1
are simply plugs (or whatever you care to call it) through the firewall.
Basically what Checkpoint has done is pre-configured known ports/services
into the box to where you can easily turn them on.  These services are not
actually being secured based on any application-level knowledge, nor are
they secured @ lower layers, other than supporting a stateful
implementation of UDP.  This being said, I find it comical that Checkpoint
touts there large service support.  Any application level gateway I'm
familiar with could also implement such a task by mearly setting up all the
plugs, just not turning them on.  Checkpoint has sold a lot of boxes based
on the amount of services supported.  I find this terribly comical...  The
commercial market sure is gullable as hell, isn't it..


Jeromie Jackson -CISSP
Garrison Technologies
760-633-1843
jeromie () garrison com
Web: http://www.garrison.com