[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] When should ANY be used, if ever?
A number of services require inspection engine interaction to work, especially when NAT is used. See the following reference. http://www.phoneboy.com/fw1/faq/0305.html Peter Lukas On Fri, 19 Jan 2001, Allan Pratt wrote: > Hi, > > What do you mean that any is not always? How is that? > > By example, if I have protocol of ANY, that means EVERY protocol, no? > > /ap > > > > ----Original Message Follows---- > From: Peter Lukas <[email protected]> > To: Allan Pratt <[email protected]> > CC: [email protected] > Subject: Re: [FW1] When should ANY be used, if ever? > Date: Fri, 19 Jan 2001 07:28:05 -0600 (CST) > > Remember that "Any" is ANY not always. But, in your case, it may be > better to use the "negate" function and begin permiting limited access > that way. > > Peter Lukas > > On Fri, 19 Jan 2001, Allan Pratt wrote: > > > > > Hi, > > > > In the source, destination and protocol fields, should ANY ever be used? > > > > I was thinking that it would be better to use inverse points, as an > example, > > support you wanted all Internal networks to access the Internet, normally > it > > is written: > > > > Internal_Net = Any = Any > > > > Would it not be better to not use ANY in the destination and inverse the > > DMZ. > > > > That way it would be Any network BUT the DMZ or whatever should be > > restriced. > > > > Any thought? > > > > Thanks, > > > > Allan > > > > _________________________________________________________________ > > Get your FREE download of MSN Explorer at http://explorer.msn.com > > > > > > > > > ================================================================================ > > To unsubscribe from this mailing list, please see the instructions > at > > http://www.checkpoint.com/services/mailing.html > > > ================================================================================ > > > > > _________________________________________________________________ > Get your FREE download of MSN Explorer at http://explorer.msn.com > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|