Xylan switches running Checkpoint FW-1

[Terry Darling <tmd () telecosm com au>]

hello all!

in the context of the recent thread re. trends toward
"firewalls-in-silicon" ...

AFAIK Xylan (not Checkpoint) did the port of the FW-1 code to the Xylan
switches.  yes?

anyone want to pass on any details of any *direct* (not "I heard that ...")
experience with these beasties?

Particularly:

- how does the box handle IP fragments?
- how configurable is its logging eg. can it be configured to pattern match
on "abnormal" events?
- is is also vulnerable to the the SNMP hole discovered recently?

thanks!

*------------------*------------------------*-------------------------------*
Terry Darling      | PO Box 61 Concord West | PGP 2.6 key on request
tmd () telecosm com au| NSW 2138  AUSTRALIA    | PGP fingerprint:
tmd () hum uts edu au | ph: 0411 267852        | 35C42DBFB8B4DF91A8DF6DD6CBB3C89
*------------------*------------------------*-------------------------------*
the statements in this message are my opinions, they may have no basis
whatsoever in fact & cannot be attributed in any way to my current employer,

Support the anti-spam movement; go to <http://www.cauce.org/>