Sign in with
Sign up | Sign in
Your question

Will Symantec 100 do the job...?

Last response: in Networking
Share
Anonymous
May 6, 2004 10:41:19 PM

Archived from groups: comp.security.firewalls (More info?)

I'm looking for a firewall to connect between our departmental LAN and the
campus-wide network, in order to block ports that we aren't using, and,
potentially, block all packets from certain IP numbers that have been
identified as cracker sites.

I don't need DHCP or NAT; I want traffic to go directly through my firewall
to the various machines, which are DHCP-served from a campus DHCP server.

Will the Symantec Firewall/VPN Appliance, Model 100, do this job? It is
such a multifunction device that I'm having a little trouble figuring out
from the documentation how to get it to do as *little* as I want. I haven't
bought one yet.

Thanks!

--

Michael A. Covington - Artificial Intelligence Ctr - University of Georgia

"In the core C# language it is simply not possible to have an uninitialized
variable, a 'dangling' pointer, or an expression that indexes an array
beyond its bounds. Whole categories of bugs that routinely plague C and C++
programs are thus eliminated." - A. Hejlsberg, The C# Programming Language

More about : symantec 100 job

Anonymous
May 7, 2004 4:33:07 AM

Archived from groups: comp.security.firewalls (More info?)

On Thu, 6 May 2004 18:41:19 -0400, Michael A. Covington spoketh

>I'm looking for a firewall to connect between our departmental LAN and the
>campus-wide network, in order to block ports that we aren't using, and,
>potentially, block all packets from certain IP numbers that have been
>identified as cracker sites.
>
>I don't need DHCP or NAT; I want traffic to go directly through my firewall
>to the various machines, which are DHCP-served from a campus DHCP server.
>
>Will the Symantec Firewall/VPN Appliance, Model 100, do this job? It is
>such a multifunction device that I'm having a little trouble figuring out
>from the documentation how to get it to do as *little* as I want. I haven't
>bought one yet.
>
>Thanks!

No.

You can not define specific rules on the Symantec Firewall/VPN
appliances. A port is either open or closed, there's no where to specify
which IP addresses can access something and which can not.

As for the other things, yes. NAT and DHCP can be disabled, and you can
enable port filters, which will block all outbound ports except those
explicitly opened. There's only a few standard services available, plus
an additional 5 port ranges each for TCP and UDP, so that might be too
restrictive for you if you need a lot of different ports opened...


Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"
Anonymous
May 7, 2004 4:33:08 AM

Archived from groups: comp.security.firewalls (More info?)

Thanks very much for the information. It may be worth the $300 anyhow,
since we can block out the cracker sites anyhow.

Our main concern is to block the ports that we aren't explicitly using (a
few standard services and a few other ports). This will provide one more
obstacle to viruses that spread through unusual ports. There is a
campus-wide firewall, but our people also recommend that we put a firewall
between ourselves and the campus-wide network.

"Lars M. Hansen" <badnews@hansenonline.net> wrote in message
news:7tll90pejqfjjd9hdq1pfo1srjua2k5a6f@4ax.com...
> On Thu, 6 May 2004 18:41:19 -0400, Michael A. Covington spoketh
>
> >I'm looking for a firewall to connect between our departmental LAN and
the
> >campus-wide network, in order to block ports that we aren't using, and,
> >potentially, block all packets from certain IP numbers that have been
> >identified as cracker sites.
> >
> >I don't need DHCP or NAT; I want traffic to go directly through my
firewall
> >to the various machines, which are DHCP-served from a campus DHCP server.
> >
> >Will the Symantec Firewall/VPN Appliance, Model 100, do this job? It is
> >such a multifunction device that I'm having a little trouble figuring out
> >from the documentation how to get it to do as *little* as I want. I
haven't
> >bought one yet.
> >
> >Thanks!
>
> No.
>
> You can not define specific rules on the Symantec Firewall/VPN
> appliances. A port is either open or closed, there's no where to specify
> which IP addresses can access something and which can not.
>
> As for the other things, yes. NAT and DHCP can be disabled, and you can
> enable port filters, which will block all outbound ports except those
> explicitly opened. There's only a few standard services available, plus
> an additional 5 port ranges each for TCP and UDP, so that might be too
> restrictive for you if you need a lot of different ports opened...
>
>
> Lars M. Hansen
> www.hansenonline.net
> Remove "bad" from my e-mail address to contact me.
> "If you try to fail, and succeed, which have you done?"
Anonymous
May 20, 2004 4:53:15 PM

Archived from groups: comp.security.firewalls (More info?)

"Michael A. Covington" <look@www.covingtoninnovations.com.for.address&gt; wrote in message news:<BMCdnWLLrpvpZgfdRVn-vw@speedfactory.net>...
> Thanks very much for the information. It may be worth the $300 anyhow,
> since we can block out the cracker sites anyhow.
>
> Our main concern is to block the ports that we aren't explicitly using (a
> few standard services and a few other ports). This will provide one more
> obstacle to viruses that spread through unusual ports. There is a
> campus-wide firewall, but our people also recommend that we put a firewall
> between ourselves and the campus-wide network.
>
> "Lars M. Hansen" <badnews@hansenonline.net> wrote in message
> news:7tll90pejqfjjd9hdq1pfo1srjua2k5a6f@4ax.com...
> > On Thu, 6 May 2004 18:41:19 -0400, Michael A. Covington spoketh
> >
> > >I'm looking for a firewall to connect between our departmental LAN and
> the
> > >campus-wide network, in order to block ports that we aren't using, and,
> > >potentially, block all packets from certain IP numbers that have been
> > >identified as cracker sites.
> > >
> > >I don't need DHCP or NAT; I want traffic to go directly through my
> firewall
> > >to the various machines, which are DHCP-served from a campus DHCP server.
> > >
> > >Will the Symantec Firewall/VPN Appliance, Model 100, do this job? It is
> > >such a multifunction device that I'm having a little trouble figuring out
> > >from the documentation how to get it to do as *little* as I want. I
> haven't
> > >bought one yet.
> > >
> > >Thanks!
> >
> > No.
> >
> > You can not define specific rules on the Symantec Firewall/VPN
> > appliances. A port is either open or closed, there's no where to specify
> > which IP addresses can access something and which can not.
> >
> > As for the other things, yes. NAT and DHCP can be disabled, and you can
> > enable port filters, which will block all outbound ports except those
> > explicitly opened. There's only a few standard services available, plus
> > an additional 5 port ranges each for TCP and UDP, so that might be too
> > restrictive for you if you need a lot of different ports opened...
> >
> >
> > Lars M. Hansen
> > www.hansenonline.net
> > Remove "bad" from my e-mail address to contact me.
> > "If you try to fail, and succeed, which have you done?"

if you are looking for a firewall try kerio, it has many advanced
settings is reliable and has the usual extra's such as pop up filter
etc
!