[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Is there any reason not to use spoof tracking on each F W interface?

To: [email protected], [email protected]
Subject: RE: [FW1] Is there any reason not to use spoof tracking on each F W interface?
From: "Bryan Morris" <[email protected]>
Date: Fri, 19 Jan 2001 15:13:11
Sender: [email protected]


Hi,

>>If you are new to FW1 then you will probably find it easier to start with 
>>no
anti-spoofing and make things work then enable it later, this saves fighting
all the "rule 0" events each time you change something.

Why is that?

What do you mean by 'this saves fighting all the "rule 0" events each time 
you change something'.

>>The only reason you may not do anti-spoofing on the Firewall is if another 
>>device does it instead - eg the upstream router to your ISP.

Good point.

>>Running it on the FW has the advantage of protecting all interfaces - so 
>>that you can cover threats that originate both internally and externally.

Also, even if one has an upstream router, what could it hurt to run a little 
extra anti-spoofing?

Bryan



>From: Chilton Tim <[email protected]>
>To: 'Bryan Morris' <[email protected]>
>CC: [email protected]
>Subject: RE: [FW1] Is there any reason not to use spoof tracking on each F 
>W interface?
>Date: Fri, 19 Jan 2001 14:03:33 -0000
>
>If you are new to FW1 then you will probably find it easier to start with 
>no
>anti-spoofing and make things work then enable it later, this saves 
>fighting
>all the "rule 0" events each time you change something.
>
>The only reason you may not do anti-spoofing on the Firewall is if another
>device does it instead - eg the upstream router to your ISP.
>
>Running it on the FW has the advantage of protecting all interfaces - so
>that you can cover threats that originate both internally and externally.
>
>Regards
>
>Tim
>
>
>-----Original Message-----
>From: Bryan Morris [mailto:[email protected]]
>Sent: 17 January 2001 23:15
>To: [email protected]
>Subject: [FW1] Is there any reason not to use spoof tracking on each FW
>interface?
>
>
>
>Hello,
>
>Is there any reason not to use spoof tracking on each FW interface?
>
>/bmjr
>
>_________________________________________________________________
>Get your FREE download of MSN Explorer at http://explorer.msn.com
>
>
>
>============================================================================
>====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>============================================================================
>====
>
>************************************************************************
>The information in this email is confidential and is intended solely
>for the addressee(s).
>Access to this email by anyone else is unauthorised. If you are not
>an intended recipient, you must not read, use or disseminate the
>information contained in the email.
>Any views expressed in this message are those of the individual sender,
>except where the sender specifically states them to be the views of
>The Capital Markets Company.
>
>http://www.capco.com
>***********************************************************************
>

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Using NTP on Nokia650
Next by Date: [FW1] Static Routing on Nokia Appliances
Prev by thread: RE: [FW1] Using NTP on Nokia650
Next by thread: RE: [FW1] Is there any reason not to use spoof tracking on each F W interface?
Index(es):
- Date
- Thread