This is kind of interesting. I have Floodgate installed, which is supposed
to disable flows automagically. Yet when I push a policy, I get a warning
that the gateway supports flows and that TCP Sequence checking cannot be
performed on accelerated connections. I always figured it was a benign
warning.
Ray
From: Tom Stala <stala AT TAMPABAY.RR DOT COM>
Reply-To: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Smartdefense and flows
Date: Tue, 27 Jul 2004 08:47:22 -0400
for those of you running Nokia's and have smartdefense lic you need to turn
off flows, or you will not be doing any signature detecting on TCP or UDP.
----- Original Message -----
From: "Tom Stala" <stala AT TAMPABAY.RR DOT COM>
To: <FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
Sent: Monday, July 26, 2004 9:24 AM
Subject: [FW-1] Smartdefense and flows
I am having a discussion at work about how SmartDefense works with flows.
From what I know of how CheckPoint handles the connection it checks source
destination and what it is doing and then allows the connection to flow
through at a lower level in the OSI. It places the basic information of the
connection in a state table and matches it up and allows the traffic to
flow
through.
So how is Smartdefense going to check for signatures if it is only checking
the start of the communication?
To get the full ability of Smartdefense should flows be turned off?
If flows is turned off how is this going to affect resources?
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
_________________________________________________________________
Planning a family vacation? Check out the MSN Family Travel guide!
http://dollar.msn.com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
