Gwydion Mine wrote:
>
> Hello,
>
> Can you folks please tell me what your thoughts are on firewalls in a dynamic
> routing environment? (OSPF/RIP)
Firewalls in general or on Check Point FW-1?
The Check Point FW-1 answer is pretty easy. FW-1 is not designed to be
able to do this. The "Topology" tab and anti-spoofing, which are extremely
important features in FW-1, will be completely broken by dynamic routing.
You can turn off anti-spoofing, but with the fact that the FW-1 GUI does
not let you assign rules by interface, deactivating anti-spoofing may be
very dangerous.
--
Crist J. Clark crist.clark AT globalstar DOT com
Globalstar Communications (408) 933-4387
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
