Network Security: Detailed info on Re: Support for IP redirection by CheckPoint Firewall-1 NG

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Firewalls

[Top] [All Lists]

Re: Support for IP redirection by CheckPoint Firewall-1 NG

from [Markus Wernig] Network Security

[Permanent Link]

Subject:	Re: Support for IP redirection by CheckPoint Firewall-1 NG
Date:	Sat, 30 Apr 2005 13:09:44 +0200

Jarek Sluzewski wrote:

In other words, if the firewall receives a packet, and based on its routing table determines that this packet should be sent via same interface that received it, will the NG forward the packet or just drop it (as PIX would).

In our tests on Nokia Ipso3.8, the packet was sent back out without any problems on the same interface if there was a rule to allow it. We dind't see any icmp redirects. This kind of makes sense because the firewall engine will see the packet before the routing engine does. (And, yes, they would have been dropped anyway.)

krgds /markus

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Support for IP redirection by CheckPoint Firewall-1 NG, Markus Wernig <= Re: Support for IP redirection by CheckPoint Firewall-1 NG, Randall Paige Which one to choose: Checkpoint,Cisco,Juniper Netscreen, Guillome Main Re: Which one to choose: Checkpoint,Cisco,Juniper Netscreen, Charles Antrim Re: Which one to choose: Checkpoint,Cisco,Juniper Netscreen, jerome decool

Previous by Date:	how-to enable ping ?, FM
Next by Date:	Re: Firewall comparison (CISCO and SonicWALL) and some additional clarifications., Robert Davila
Previous by Thread:	how-to enable ping ?, FM
Next by Thread:	Re: Support for IP redirection by CheckPoint Firewall-1 NG, Randall Paige
Indexes:	[Date] [Thread] [Top] [All Lists]