[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Fetching the wrong policy

To: fw-1-mailinglist@lists.us.checkpoint.com
Subject: RE: [FW1] Fetching the wrong policy
From: Michael Martin <mmartin@clarify.com>
Date: Mon, 8 Nov 1999 12:20:19 -0800

    [ The following text is in the "windows-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set. Some ]
    [ characters may be displayed incorrectly. ]


Can't say that I knew about this behavior (where is it documented?).  Seems kind of odd to me, especially since the vast majority of our rules are inbound only.  Since we aren't really having any performance issues on our current Nokia boxes (they're relatively unloaded with mostly outbound web traffic) I can't speak to that one -- I'll definately take a look at it now, however.  We're going to be moving some co-located FTP servers back into our DMZ and moving up to a DS-3 fairly soon so I can see how this might quickly become a problem.  Thanks for the info.

-----Original Message-----
From: sirving@ca.ibm.com [mailto:sirving@ca.ibm.com]
Sent: Monday, November 08, 1999 7:37 AM
To: Michael Martin
Cc: fw-1-mailinglist@lists.us.checkpoint.com
Subject: RE: [FW1] Fetching the wrong policy


Michael, maybe you can answer this question then.  I asked it a few months
ago and didn't get any feedback.

You are aware that using install on with a firewall object causes the rule
to be enforced in the eitherbound direction which causes the packets to be
checked twice.  Have you done any testing to see what the difference in
performance is??

Also, Lanse if you are there; has your checking on the state tables shown
one or two entries added when you do address translation and eitherbound??


Michael Martin <mmartin@clarify.com> on 11/04/99 02:55:02 PM

Please respond to Michael Martin <mmartin@clarify.com>

To:   fw-1-mailinglist@lists.us.checkpoint.com
cc:
Subject:  RE: [FW1] Fetching the wrong policy





================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] NT Patch for Initial Sequence Numbers: Important for FW1??
Next by Date: RE: [FW1] Nokia IPxxx version
Prev by thread: RE: [FW1] Fetching the wrong policy
Next by thread: RE: [FW1] Fetching the wrong policy
Index(es):
- Date
- Thread