ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1

Alexei Roudnev alex at relcom.net
Thu Feb 5 19:29:28 UTC 2004


>
> Is it still very counter intuitive to set up a PIX to _not_
> do the eevul NAT? Is the PIX no longer PeeCee hardware underneath
> (I know they got rid of the HDD) so not as to bring NOs down to the
> level of the great unwashed throngs of desktop users?

Of course, PIX is still a CISCO - this means _configure it by cisco's
example and modify, do not write out the configuration from scratch_ (Cisco
has a very bold history of different bugs and behaviours, such as 'VoIP
requires 'ip routing' on 36xx and 53xx'). But, after all, it works without
major problems, and became very easy to manage (I have an automatic
configuration repository with web interface, CVSWEB archive, and so on - and
it always takes 1 minute to save config, check config, check changes that happened
during the last week, revert the configuration back, even to update PIX OS in a
redundant environment). For Checkpoint owners (we have some legacy in the
company), it is a very complicated (often impossible) process.

Security advisories are another issue, but I'd expect more about Checkpoint,
considering that it is based on a general OS.

More information about the NANOG mailing list