Firewall Wizards mailing list archives
Re: Checkpoint for internet access
From: "Andrew J Bernoth/Boulder/IBM" <bernoth () us ibm com>
Date: Fri, 20 Oct 2000 15:09:41 -0600
With all Due respect.....What we really have is a comprehension problem. Of all the responses I receive it appears that most of the mailing list seem quite happy to let your "secure" networks have a default route out to the internet. I find this concept insecure in that you are putting far too much trust on a single firewall, and some of the others that responded agree. I did receive a few intellegent responses agreeing that they also do not like putting a default route out to the internet on their secure network. However, they were forced to, when their internet firewall moved away from a Proxy Gateway to a Checkpoint Firewall. If you think you're up to it, how about an intellegent comment on the benifits of the Secure Networks Default Route pointing to the internet verses Secure Network's Default Route pointing to the bit bucket? Regards, Andrew J Bernoth bernoth () us ibm com "The views expressed above are my own and do not necessarily reflect those of IBM" Brad Van Orden <Brad.VanOrden () navius com>@nfr.com on 10/20/2000 05:13:12 AM Sent by: firewall-wizards-admin () nfr com To: firewall-wizards () nfr net cc: Subject: Re: [fw-wiz] Checkpoint for internet access Andrew, WIth all due respect, you obviously know nothing about routing and should stay totally away from the firewall. I hate to dissapoint you, but even your proxy server had a default route pointing to something - most likely a router that is connected to the Internet. If you don't use a default route, you would either have to run some sort of dynamic routing protocol with your router or add static routes for every conceivable address on the Internet that your users would be likely to need. Sorry, Brad Van Orden Navius Technologies Andrew J Bernoth/Boulder/IBM wrote:
G'day Wizards, Please bear with me if this is basic knowledge, I have not played with Checkpoint yet. I have a checkpoint administrator with his firewall providing access to
the
internet. I don't really like the idea of having a default route
pointing
out to the internet, but he assures me this is the only configuration the Checkpoint can do. Is this true? How do others deal with this? I am more used to either a socks or proxy configuration for an internet firewall.
_______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Checkpoint for internet access Andrew J Bernoth/Boulder/IBM (Oct 19)
- Re: Checkpoint for internet access Brad Van Orden (Oct 20)
- <Possible follow-ups>
- RE: Checkpoint for internet access Kalat, Andrew (ISS Atlanta) (Oct 20)
- Re: Checkpoint for internet access Zarcone, Christopher (Oct 20)
- Re: Checkpoint for internet access Andrew J Bernoth/Boulder/IBM (Oct 23)
- RE: Checkpoint for internet access Kalat, Andrew (ISS Atlanta) (Oct 23)
- Re: Checkpoint for internet access Andrew J Bernoth/Boulder/IBM (Oct 23)
- RE: Checkpoint for internet access Andrew J Bernoth/Boulder/IBM (Oct 24)
- RE: Checkpoint for internet access Zarcone, Christopher (Oct 24)
- RE: Checkpoint for internet access Bill Van Emburg (Oct 26)