Re: [FW-1] Does NGX support selective SmartDefense?

Subject:	Re: [FW-1] Does NGX support selective SmartDefense?
From:	Tony Pombo <tony.pombo AT EDICTSYSTEMS DOT COM>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Wed, 26 Oct 2005 10:24:13 -0400

There was a big discussion on this yesterday.  This is a limitation of
SmartDefense, and it has not been corrected in NGX.

-----------------------------------------------
Tony Pombo
Systems and Security Architect
Edict Systems, Inc.
937-429-4288 x279
tony.pombo AT edictsystems DOT com

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Sascha
Picchiantano
Sent: Wednesday, October 26, 2005 9:47 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Does NGX support selective SmartDefense?

Hi,

I think a big drawback of SmartDefense in NG is that you can not disable
it for certain destinations or sources. Say you have enabled to block
non-ascii characters in HTTP then this is on for all HTTP
communications, no matter what. Now say you know of a website that's
basically secure and you need to have access to it, but it is being
blocked by SmartDefense because it sends out non-asciii characters in
HTTP headers. Now what do you do: Don't access the site or disable the
character checking?

Now... maybe there is an answer for this in NGX? 

Thanks
Sascha

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] Does NGX support selective SmartDefense?, Sascha Picchiantano Re: [FW-1] Does NGX support selective SmartDefense?, Tony Pombo <= Re: [FW-1] Does NGX support selective SmartDefense?, Tony Pombo Re: [FW-1] Does NGX support selective SmartDefense?, Brisbine, Geoff

Previous by Date:	[FW-1] SmartView Monitor disk stat, Gennadiy Reznichenko
Next by Date:	Re: [FW-1] secureplatform vs windows 2003, Bill Smith
Previous by Thread:	[FW-1] Does NGX support selective SmartDefense?, Sascha Picchiantano
Next by Thread:	Re: [FW-1] Does NGX support selective SmartDefense?, Tony Pombo
Indexes:	[Date] [Thread] [Top] [All Lists]