[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Reasons against opening I-net access..
Joe, this is no reason to open up all outgoing TCP ports. I suggest making a group like "standard services", containing things like http, ftp asf. and as far as I know FW-1 is able to handle the re-direction to a high-numbered port by an ftp server to a client still in a secure, statful fashion. Make only so much "holes in your swiss cheese" as necessary is my gospel, when dealing with service demands. Cheers Ralf G. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|