Re: Re: [FW1] Install on ..
Thanks a lot. To conclude, I can achieve all my objectives if I choose
Eitherbound and apply on gateways. I specify a rule base for each and
every traffic; I think I can achieve maximum security. For instance, if I
need to check only outbound, then I apply the policy on source. Thanks for
clarifying for me.

mohamed.

On Thu, 27 Sep 2001 CryptoTech wrote:
> Mohamed,
> No worries, mate. Here goes:
> If you look into the Policy->Properties menu on the toolbar, you
> will see an enforce on interface direction option. This allows you to
> set a particular behavior as a global policy, that is,
>
> External-net->fw-IF->Inbound-Check->Route-Nat->outbound-Check->internal-net
> (internal and external are relative to the source of transmission)
>
> So, Eitherbound uses both policy checks, validating that even users on
> the firewall box will have the relevant policy applied.
> Inbound prevents hacks to the firewall by checking packets before
> they arrive at the IP stack.
> Outbound only checks packets after they have passed routing.
>
> These options were instituted in the days of low processor capability,
> but because of large enterprise customers who had learned to deal with
> behavior of NAT with regard to these rules, Check Point apparently left
> them in.
>
> Now to your question:
> If you manually specify an install-on target such as "ClusterobjectA",
> the rules will automatically be enforced Eitherbound.
> If you specify Destination, this will have policy enforced on the
> inbound direction, and Source will refer to the outbound.
>
> You can contact me in a private email should you desire more
> clarification.
>
> Cheers,
> CT
>
> Mohamed Maraikayar wrote:
>
> > This may be an elementary question, but I am helpless now. In
> > Checkpoint rule base, what is the difference between Install on
> > source, destination or routers or gateways? I read the secadmin pdf
> > of Checkpoint, but couldn't understand the install on gateways. But
> > if we give install on source, all outbound connections from that
> > source are checked. The prime objective is also achieved when we
> > give install on gateways. Could anyone clear me with simple words?
> >
> > thanks
> >
> > mohamed.
> >
> > ================================================================================
> > To unsubscribe from this mailing list, please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > ================================================================================