[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] IP Forwarding
Controlling IP forwarding does not allow for routing to occur when the FW-1
application go down(not that this would ever happen). Not controlling this
does leave a security risk should the Firewall application down. However, if
you have had any problems with the application itself crashing, remember
that all your internal routing (i.e. between you Clean zone and DMZ) stops
if you are controlling IP forwarding. I allow the firewall to burn in for a
while with out any major issues and then close this hole. Although on a
customer site, I make sure that they know the risk and let the customer make
the call.Bottom line is that this hole should eventually be closed.
-----Original Message-----
From: a burbatsky [mailto:aburbatsky@hotmail.com]
Sent: Tuesday, November 02, 1999 12:39 PM
To: fw-1-mailinglist@lists.us.checkpoint.com
Subject: [FW1] IP Forwarding
FW-1 can be configured to Control or not control IP forwarding.
IP Forwarding ensures that IP packets are not transmitted when no security
policy I loaded.
Two questions: Why would one not want to configure their FW-1 to control IP
Forwarding? Conversely, if one would not control IP Forwarding, is that
really such a security risk?
Thank you.
Abur J. Batsky
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================