
RE: [FW1] fwd is not running but everything works fine - why?





Olaf,

While you're venting about the "quality" of Checkpoint's product, you may wish
to look at others.

We used cyber*uard (g omitted to protect the innocent), and their software
was bloated and buggy.

All things are relative.

We rely on Checkpoint as our 1st line of defence, and we are VERY happy
with its stability, throughput, and support (through Checkpoint and
Secure-IT).

Of course, your mileage may vary.

 

-
James Noble
Network Manager
INFO1
Norcross, GA  30093
(770) 416-6877 x345


-----Original Message-----
From: owner-fw-1-mailinglist@lists.us.checkpoint.com
[mailto:owner-fw-1-mailinglist@lists.us.checkpoint.com]On Behalf Of Olaf
Selke
Sent: Tuesday, October 12, 1999 1:52 PM
To: Lance Spitzner
Cc: Firewall-1 Mailing List
Subject: Re: [FW1] fwd is not running but everything works fine - why?



According to Lance Spitzner:
>
>
> On Tue, 12 Oct 1999, Ali, Mohammad wrote:
>
> > The script moves the logfiles to oldlog files and restarts the "fwd"
> > daemon.  Yesterday, when the script ran
> > it failed to start the daemon.  The strange thing is, everything is
> > working fine - all the traffic is passing with
> > xlation.  Could someone explain why - I thought fwd is the process
> > that is responsible for firewalling.
>
> You have discovered one of the greatest misconceptions of FW-1.  The
> firewall daemon fwd does not do any firewall filtering or address
> translation.  All of that is done by the kernel module. So, when you
> killed the fwd, inspection still happened.  This is one of the biggest
> things I stressed at SANS last week.

I don't wanna start a religious war about pros and cons of
miscellaneous firewall architectures here. In my experience CP's
design in general works very well, and I suppose it to be secure enough.
The kernel module handles the filtering in a fast and efficient way,
which outperforms every proxy-based application in user space. The
entire control of the kernel module is done by the firewall daemon 'fwd'.

Imho the biggest weakness in FireWall-1 is caused by the buggy
software, sloppily written code, apparently a lack of quality
management for software and written documentation, and poor support
from CP partners.

Olaf
--
Olaf Selke, olaf.selke@mediaways.net, voice +49 5241 80-7069


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================


