[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] When should ANY be used, if ever?
Hi Allan, The only times I use ANY services is for dropping etc., and for setting up VPNs between my company's sites, and SecuRemote users. I do not recommend you allow ANY outbound services. Set up a group of services that allows all the obvious services, and edit that as request come in for additional services. Otherwise your users will do incredibly stupid things, which you may not notice until it's too late. My 2 cents, Pete Goodridge --- Allan Pratt <[email protected]> wrote: > > Hi, > > In the source, destination and protocol fields, > should ANY ever be used? > > I was thinking that it would be better to use > inverse points, as an example, > support you wanted all Internal networks to access > the Internet, normally it > is written: > > Internal_Net = Any = Any > > Would it not be better to not use ANY in the > destination and inverse the > DMZ. > > That way it would be Any network BUT the DMZ or > whatever should be > restriced. > > Any thought? > > Thanks, > > Allan > > _________________________________________________________________ > Get your FREE download of MSN Explorer at > http://explorer.msn.com > > > > ================================================================================ > To unsubscribe from this mailing list, please > see the instructions at > > http://www.checkpoint.com/services/mailing.html > ================================================================================ __________________________________________________ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|