Re: Symantec Enterprise firewalls

["Volker Tanger" <volker.tanger () discon de>]

Greetings!

On Thu, 10 Apr 2003 22:50:19 -0400 "dave" <dave () netmedic net> wrote:
> Does anyone have any basic configurations and Do's/Don'ts for Symantec
> Enterprise firewalls?

If you're searching the web, look for comments on "Eagle Raptor" or
"Axent Raptor" firewall - that are it's names before it was acquired
(Eagle up to v4, Axent v5/v6, Symantec since v7).

Things to bear in mind with the Raptor:

- Matches "best fit" - not "first fit" most other firewalls do. 

- Most pre-defined protocols are pretty strict controlled. You'll
  probably have a number of problems when bad programmed applications
  try to tunnel through known ports (e.g. HTTP) without emulating
  the complete protocol.

- Lotus Notes' SMTP service was (up to v6.0 - didn't test for newer) 
  a pain to get through as it sent out noncompliant headers - could 
  be mitigated by using a standard (sendmail/postfix/exim) MTA.

- If installing your own programs, beware of the VULTURE...
  (I wonder wether that still is there in current versions?)

- The Hawk / RCU (Unix GUI) was faster for everyday use (again I
  only used Raptors up to v6). I did not like the clumsy and 
  overly (right-)clicky Win-MMC GUI. 

Bye

Volker Tanger

IT-Security
discon gmbh
DeTeWe AG & Co. KG

Fon +49 30 6104-3307
Fax +49 30 6104-3435
http://www.detewe.de/

-- 


-------------------------------------------------------------------
Besuchen Sie unsere neuen Internet-Seiten http://www.detewe.de .
Neues Highlight: Wunschproduktberater fuer den Home & Office-Bereich.

Visit our new Internet Pages on http://www.detewe.de .
Our Highlight: Online Product Adviser for Home & Office.
(Currently available in German only)

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards