From: Davej on
So why does netscreen have both "approve" and "deny" policies? I mean
isn't everything that isn't approved automatically (logically) denied?
From: Ansgar -59cobalt- Wiechers on
Davej <galt_57(a)hotmail.com> wrote:
> So why does netscreen have both "approve" and "deny" policies? I mean
> isn't everything that isn't approved automatically (logically) denied?

Assume you want to allow an IP range, but want to exclude one or more
subranges.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
From: Davej on
On Jan 24, 8:07 am, Ansgar -59cobalt- Wiechers
<usenet-2...(a)planetcobalt.net> wrote:
> Davej <galt...(a)hotmail.com> wrote:
> > So why does netscreen have both "approve" and "deny" policies? I mean
> > isn't everything that isn't approved automatically (logically) denied?
>
> Assume you want to allow an IP range, but want to exclude one or more
> subranges.
>

I guess that makes sense. The thing that got me was that when I put
the thing into "home-work" mode it had a default set of four policies;

untrust to work = deny
untrust to home = deny
home to work = permit
work to home = deny

Since the default is "deny" it seems that three of the four policies
accomplish nothing.
From: Ansgar -59cobalt- Wiechers on
Davej <galt_57(a)hotmail.com> wrote:
> On Jan 24, 8:07 am, Ansgar -59cobalt- Wiechers wrote:
>> Davej <galt...(a)hotmail.com> wrote:
>>> So why does netscreen have both "approve" and "deny" policies? I mean
>>> isn't everything that isn't approved automatically (logically) denied?
>>
>> Assume you want to allow an IP range, but want to exclude one or more
>> subranges.
>
> I guess that makes sense. The thing that got me was that when I put
> the thing into "home-work" mode it had a default set of four policies;
>
> untrust to work = deny
> untrust to home = deny
> home to work = permit
> work to home = deny
>
> Since the default is "deny" it seems that three of the four policies
> accomplish nothing.

I'm not familiar with Netscreen, but don't these policies *define* the
default behavior?

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
From: Davej on
On Jan 25, 1:14 pm, Ansgar -59cobalt- Wiechers
<usenet-2...(a)planetcobalt.net> wrote:
> Davej <galt...(a)hotmail.com> wrote:
>
> I'm not familiar with Netscreen, but don't these policies *define* the
> default behavior?
>

I'm happy now. All I need is...

home to untrust = permit
work to untrust = permit
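
Added example, not part of the thread and not NetScreen code: a small Python model of the two points discussed above, the deny-before-permit subrange exclusion and the redundancy of explicit denies. It assumes policies are evaluated top-down with the first match winning and an implicit deny when nothing matches; the function names, addresses and probe packets are constructed for illustration.

```python
import ipaddress

DEFAULT_ACTION = "deny"  # assumption: implicit deny when no policy matches

def evaluate(policies, src_zone, dst_zone, src_ip):
    """Return (action, index of matching policy); first match wins."""
    ip = ipaddress.ip_address(src_ip)
    for idx, (p_src, p_dst, net, action) in enumerate(policies):
        if (p_src, p_dst) == (src_zone, dst_zone) and ip in ipaddress.ip_network(net):
            return action, idx
    return DEFAULT_ACTION, None

def redundant_policies(policies, probes):
    """Indexes of policies whose removal changes no probe's verdict.

    Redundancy is only relative to the probes supplied.
    """
    baseline = [evaluate(policies, *p)[0] for p in probes]
    redundant = []
    for i in range(len(policies)):
        trimmed = policies[:i] + policies[i + 1:]
        if [evaluate(trimmed, *p)[0] for p in probes] == baseline:
            redundant.append(i)
    return redundant

ANY = "0.0.0.0/0"

# The four "home-work" defaults quoted in the thread (addresses constructed).
HOME_WORK = [
    ("untrust", "work", ANY, "deny"),
    ("untrust", "home", ANY, "deny"),
    ("home", "work", ANY, "permit"),
    ("work", "home", ANY, "deny"),
]
HOME_WORK_PROBES = [
    ("untrust", "work", "198.51.100.7"),
    ("untrust", "home", "198.51.100.7"),
    ("home", "work", "192.0.2.10"),
    ("work", "home", "192.0.2.200"),
]

# Permit a range but exclude a subrange: the deny must come first.
EXCLUDE = [
    ("home", "work", "192.0.2.64/26", "deny"),
    ("home", "work", "192.0.2.0/24", "permit"),
]
EXCLUDE_PROBES = [("home", "work", "192.0.2.10"), ("home", "work", "192.0.2.70")]

if __name__ == "__main__":
    print("redundant defaults:", redundant_policies(HOME_WORK, HOME_WORK_PROBES))
    print("redundant in exclusion set:", redundant_policies(EXCLUDE, EXCLUDE_PROBES))
```

Under these assumptions the three default denies do not change any verdict, while the deny in the exclusion set does, and only when it is listed ahead of the broader permit.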