Re: dynamic service port

[Paul Robertson <proberts () patriot net>]

On Thu, 3 Jul 2003 Norman Zhang wrote:

> Date: Thu, 3 Jul 2003 14:25:17 -0700
> From: Norman Zhang <nzhang () arkon-group com>
> To: firewall-wizards () honor icsalabs com
> Subject: [fw-wiz] dynamic service port
>
> Hi,
>
> Symantec Corporate Edition 8 generates RTVSCAN (source port 2967) broadcast
> to the network. I would like to drop packets that hit the firewall so my log
> won't get polluted. However RTVSCAN will use a dynamic service port if
> static service port fails. How do I get NG to drop the packets before fw?

I'm not a Checkpont person, but when I tend to design corporate firewalls, 
I like to have a layer 3 device (router) in between my firewall and things 
on either side of it.

Generally, this device is a 2 or 3 interface router, stoppping layer 2 
attacks against the gateway, providing an additional filtering component, 
and stopping both broadcast and multicast traffic from hitting the 
gateway.  Occasionally, it's a multi-NIC Unix box.  These days, I'd look 
at having QoS on it in either case.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards