RE: [Full-Disclosure] PIX vs CheckPoint

From: Abraham, Antony (Cognizant) (Antony.Abraham_at_cognizant.com)
Date: 06/30/04

  • Next message: Paul Schmehl: "RE: [Full-Disclosure] Name One Web Site Compromised by Download.Ject?" 
    To: "Cyril Guibourg" <plonk-o-matic@teaser.fr>, "Otero, Hernan (EDS)" <HOtero@lanchile.cl>
Date: Wed, 30 Jun 2004 15:38:42 -0400

    Then you would have some static statement which covers the network in questions. PIX need some sort of translation for its ASA (Adaptive Security Algorithm) to work, so a "static" covers the network range would do...

    -Antony

    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Cyril Guibourg
    Sent: Wednesday, June 30, 2004 2:18 PM
    To: Otero, Hernan (EDS)
    Cc: full-disclosure@lists.netsys.com
    Subject: Re: [Full-Disclosure] PIX vs CheckPoint

    "Otero, Hernan (EDS)" <HOtero@lanchile.cl> writes:

    > I think you do, because at least a nat 0 it´s needed to get traffic passing
    > through the pix.

    This is odd, I do have a running config under 6.2 without any nat statement.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

    This e-mail and any files transmitted with it are for the sole use of the intended recipient(s
    and may contain confidential and privileged information.If you are not the intended recipient,
    please contact the sender by reply e-mail and destroy all copies of the original message.
    Any unauthorised review, use, disclosure, dissemination, forwarding, printing or copying
    of this email or any action taken in reliance on this e-mail is strictly prohibited and may be
    unlawful.

     Visit us at http://www.cognizant.com

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Paul Schmehl: "RE: [Full-Disclosure] Name One Web Site Compromised by Download.Ject?"

    Relevant Pages

    • RE: [Full-Disclosure] PIX vs CheckPoint; IMHO Netscreen is far superior
      ... I have been using Netscreen (bought by Juniper for $4 billion earlier this ... PIX is a very buggy and exploitable ... Checkpoint is somewhat better, although it dies under most DoS attacks. ... Charter: http://lists.netsys.com/full-disclosure-charter.html ...
      (Full-Disclosure)
    • RE: [Full-Disclosure] PIX vs CheckPoint
      ... There are better tools to admin rules, like fwbuilder for pix... ... Subject: [Full-Disclosure] PIX vs CheckPoint ... Charter: http://lists.netsys.com/full-disclosure-charter.html ...
      (Full-Disclosure)
    • RE: [Full-Disclosure] PIX vs CheckPoint
      ... The Pix Device Manager is painful to work with. ... Subject: PIX vs CheckPoint ... nací para pasar las mañanas contando historias divertidas, ... Charter: http://lists.netsys.com/full-disclosure-charter.html ...
      (Full-Disclosure)
    • Re: [Full-Disclosure] PIX vs CheckPoint
      ... I do have a running config under 6.2 without any nat statement. ... Full-Disclosure - We believe in it. ... Charter: http://lists.netsys.com/full-disclosure-charter.html ...
      (Full-Disclosure)