| Started by | Todd <Todd@invalid.com> |
|---|---|
| First post | 2011-05-15 20:16 -0700 |
| Last post | 2011-05-18 09:31 -0700 |
| Articles | 20 on this page of 21 — 6 participants |
appliance firewall Todd <Todd@invalid.com> - 2011-05-15 20:16 -0700
Re: appliance firewall Keith Keller <kkeller-usenet@wombat.san-francisco.ca.us> - 2011-05-15 20:32 -0700
Re: appliance firewall Thad Floryan <thad@thadlabs.com> - 2011-05-15 21:51 -0700
Re: appliance firewall Todd <Todd@invalid.com> - 2011-05-16 20:37 -0700
Re: appliance firewall Todd <Todd@invalid.com> - 2011-05-16 20:39 -0700
Re: appliance firewall Thad Floryan <thad@thadlabs.com> - 2011-05-17 02:05 -0700
Re: appliance firewall Todd <Todd@invalid.com> - 2011-05-17 10:39 -0700
Re: appliance firewall The Natural Philosopher <tnp@invalid.invalid> - 2011-05-17 19:41 +0100
Re: appliance firewall Todd <Todd@invalid.com> - 2011-05-17 12:23 -0700
Re: appliance firewall Todd <Todd@invalid.com> - 2011-05-17 12:24 -0700
Re: appliance firewall The Natural Philosopher <tnp@invalid.invalid> - 2011-05-18 01:13 +0100
Re: appliance firewall Todd <Todd@invalid.com> - 2011-05-18 09:32 -0700
Re: appliance firewall The Natural Philosopher <tnp@invalid.invalid> - 2011-05-18 21:18 +0100
Re: appliance firewall Todd <Todd@invalid.com> - 2011-05-19 12:13 -0700
Re: appliance firewall The Natural Philosopher <tnp@invalid.invalid> - 2011-05-16 12:53 +0100
Re: appliance firewall technomaNge <cowpaddy@bullshit.net> - 2011-05-16 20:34 -0500
Re: appliance firewall The Natural Philosopher <tnp@invalid.invalid> - 2011-05-17 10:55 +0100
Re: appliance firewall Mark <i@dontgetlotsofspamanymore.invalid> - 2011-05-17 10:08 +0100
Re: appliance firewall Todd <Todd@invalid.com> - 2011-05-17 10:53 -0700
Re: appliance firewall Mark <i@dontgetlotsofspamanymore.invalid> - 2011-05-18 09:17 +0100
Re: appliance firewall Todd <Todd@invalid.com> - 2011-05-18 09:31 -0700
| From | Todd <Todd@invalid.com> |
|---|---|
| Date | 2011-05-15 20:16 -0700 |
| Subject | appliance firewall |
| Message-ID | <iqq4ut$tu4$1@dont-email.me> |
Hi All,

I have a client with several small facilities. She is going
through a security audit with an insurance company that insures
again credit card theft. As part of the audit process, the
insurance company runs a scan against her routers.

Problem: the el-cheapo router-of-the-day from the various ISP's
that she uses fail this scan.

So I have been researching appliance firewalls for her. Watchguard
seems to have a good product, but I have never used them.

At some point Google does not fill the bill and you have to ask
for others personal experiences. Does anyone have a favorite
appliance firewall they have used and would recommend? Hopefully,
one that does not break the bank.

Many thanks,
-T
| From | Keith Keller <kkeller-usenet@wombat.san-francisco.ca.us> |
|---|---|
| Date | 2011-05-15 20:32 -0700 |
| Message-ID | <5fi6a8xmbq.ln2@goaway.wombat.san-francisco.ca.us> |
| In reply to | #1093 |
On 2011-05-16, Todd <Todd@invalid.com> wrote:
>
> Problem: the el-cheapo router-of-the-day from the various ISP's
> that she uses fail this scan.

More specifically: the firmware that ships with her router fails.

> At some point Google does not fill the bill and you have to ask
> for others personal experiences. Does anyone have a favorite
> appliance firewall they have used and would recommend? Hopefully,
> one that does not break the bank.

I would recommend seeing if some open source firmware, like OpenWRT,
DD-WRT, or similar, will run on her router. If so, you get a real linux
that can do real firewalling without having to replace otherwise good
hardware. (There are also *BSD-based firmwares, but if you are already
familiar with iptables using a linux-based one will be a shorter
learning curve.)

--keith

--
kkeller-usenet@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information
| From | Thad Floryan <thad@thadlabs.com> |
|---|---|
| Date | 2011-05-15 21:51 -0700 |
| Message-ID | <4DD0AD5E.4040207@thadlabs.com> |
| In reply to | #1093 |
On 5/15/2011 8:16 PM, Todd wrote:
> Hi All,
>
> I have a client with several small facilities. She is going
> through a security audit with an insurance company that insures
> again credit card theft. As part of the audit process, the
> insurance company runs a scan against her routers.
>
> Problem: the el-cheapo router-of-the-day from the various ISP's
> that she uses fail this scan.
>
> So I have been researching appliance firewalls for her. Watchguard
> seems to have a good product, but I have never used them.
>
> At some point Google does not fill the bill and you have to ask
> for others personal experiences. Does anyone have a favorite
> appliance firewall they have used and would recommend? Hopefully,
> one that does not break the bank.
I've installed 100s of the SonicWALL appliances for clients at
everything from small sole proprietorships to medium-sized corporations
since the 1990s. Not one breakin, ever:
<http://www.sonicwall.com/>
<http://en.wikipedia.org/wiki/SonicWALL>
They have solutions from inexpensive hardcover-book-sized appliances
to large rack-mounted devices:
<http://www.sonicwall.com/us/products/TZ_Series.html#tab=models>
to
<http://www.sonicwall.com/us/products/SuperMassive_Series.html>
Here's a picture of my network demarc incorporating a SonicWALL
TZ170 with WAN, LAN and DMZ ports all at 100Mbps:
<http://thadlabs.com/PIX/ThadLABS_network_demarc.jpg>
and here's a picture of about 1/3 of the computers on my home LAN
behind that firewall:
<http://thadlabs.com/PIX/Thad_desk.jpg>
SonicWALL is literally a plug'n'play solution that just works.
| From | Todd <Todd@invalid.com> |
|---|---|
| Date | 2011-05-16 20:37 -0700 |
| Message-ID | <iqsqi8$5ej$1@dont-email.me> |
| In reply to | #1096 |
On 05/15/2011 09:51 PM, Thad Floryan wrote:
> On 5/15/2011 8:16 PM, Todd wrote:
>> Hi All,
>>
>> I have a client with several small facilities. She is going
>> through a security audit with an insurance company that insures
>> again credit card theft. As part of the audit process, the
>> insurance company runs a scan against her routers.
>>
>> Problem: the el-cheapo router-of-the-day from the various ISP's
>> that she uses fail this scan.
>>
>> So I have been researching appliance firewalls for her. Watchguard
>> seems to have a good product, but I have never used them.
>>
>> At some point Google does not fill the bill and you have to ask
>> for others personal experiences. Does anyone have a favorite
>> appliance firewall they have used and would recommend? Hopefully,
>> one that does not break the bank.
>
> I've installed 100s of the SonicWALL appliances for clients at
> everything from small sole proprietorships to medium-sized corporations
> since the 1990s. Not one breakin, ever:
>
> <http://www.sonicwall.com/>
> <http://en.wikipedia.org/wiki/SonicWALL>
>
> They have solutions from inexpensive hardcover-book-sized appliances
> to large rack-mounted devices:
>
> <http://www.sonicwall.com/us/products/TZ_Series.html#tab=models>
> to
> <http://www.sonicwall.com/us/products/SuperMassive_Series.html>
>
> Here's a picture of my network demarc incorporating a SonicWALL
> TZ170 with WAN, LAN and DMZ ports all at 100Mbps:
>
> <http://thadlabs.com/PIX/ThadLABS_network_demarc.jpg>
>
> and here's a picture of about 1/3 of the computers on my home LAN
> behind that firewall:
>
> <http://thadlabs.com/PIX/Thad_desk.jpg>
>
> SonicWALL is literally a plug'n'play solution that just works.

Hi Thad,

100's. Hmmm. Exactly the information I was looking for.
Thank you!

The frustrating part of all this is that the scan is only of the
public IP address. It does not see anything, such as a firewall
on the other side of the router. This is really not about
security. Its about insurance provider avoiding liability.
Meaning that I can not put a firewall in between the router and the
internal network and be guaranteed to always pass their probe test.
All the customer's facilities use NAT. The probe doesn't even
know what the internal IP address are.

I can put the el-cheapo modem in bridge mode, but the next el-cheapo
low-bid-router-of-the-week will be back in regular mode and the
hassles will start all over. And, who know how long the el-cheapo
modems will still support bridge mode. Ever have an ISP tech
show up at a customer's facility and redo your entire configuration?

And if this weeks replacement el-cheapo doesn't pass their test,
they will void their liability.

-T
| From | Todd <Todd@invalid.com> |
|---|---|
| Date | 2011-05-16 20:39 -0700 |
| Message-ID | <iqsqls$5ej$2@dont-email.me> |
| In reply to | #1121 |
On 05/16/2011 08:37 PM, Todd wrote:
> Meaning that I can not put a firewall in between the router and the
> internal network and be guaranteed to always pass their probe test.

oops. that should have said "not be guaranteed"
| From | Thad Floryan <thad@thadlabs.com> |
|---|---|
| Date | 2011-05-17 02:05 -0700 |
| Message-ID | <4DD23A74.6010800@thadlabs.com> |
| In reply to | #1121 |
On 5/16/2011 8:37 PM, Todd wrote:
> On 05/15/2011 09:51 PM, Thad Floryan wrote:
>> On 5/15/2011 8:16 PM, Todd wrote:
>>> [...]
>>>
>> SonicWALL is literally a plug'n'play solution that just works.
>
> Hi Thad,
>
> 100's. Hmmm. Exactly the information I was looking for.
> Thank you!
You're welcome! It was someone posting in the ba.internet group
back in the mid-1990s that clued me in to SonicWALL and I've been
installing them for clients until 2008 when I retired.
> [...]
> The frustrating part of all this is that the scan is only of the
> public IP address. It does not see anything, such as a firewall
> on the other side of the router. This is really not about
> security. Its about insurance provider avoiding liability.
> Meaning that I can not put a firewall in between the router and the
> internal network and be guaranteed to always pass their probe test.
> All the customer's facilities use NAT. The probe doesn't even
> know what the internal IP address are.
>
> I can put the el-cheapo modem in bridge mode, but the next el-cheapo
> low-bid-router-of-the-week will be back in regular mode and the
> hassles will start all over. And, who know how long the el-cheapo
> modems will still support bridge mode. Ever have an ISP tech
> show up at a customer's facility and redo your entire configuration?
>
> And if this weeks replacement el-cheapo doesn't pass their test,
> they will void their liability.
What EXACTLY is it they're testing? I have my SonicWALL TZ170 setup
to be in stealth mode -- there is absolutely NO response from the
SonicWALL to anything from the outside.
Another nice aspect of the SonicWALL is no moving parts and no heat
such as would be the case if I cobbled-up a linux-based system using
old hardware. Plug computers are a possibility, but I'm unaware of
any with multiple NICs -- my SheevaPlugs and GuruPlugs have single
GigE ports:
<http://thadlabs.com/PIX/SheevaPlug_labelled.jpg>
<http://thadlabs.com/PIX/SheevaPlug_underside.jpg>
<http://thadlabs.com/PIX/Sheevaplug_Webmin.jpg>
<http://thadlabs.com/PIX/SheevaPlug_GuruPlug.jpg>
In case it wasn't obvious, the SonicWALL appliance is also a router.
I presently have a maxed DOCSIS 2.0 cable connection and here's a
simple diagram of my home office setup:
                                   outdoor cable
                                 ________|_________
                                [ Motorola SB-5101 ]
                                [____cable modem___]
                                         |
                                 ________|_________
                                [ SonicWall TZ170  ]
                                [__Firewall/Router_]
                             LAN |                | DMZ
    The Cisco router is    ______|______    ______|_________
    to get-around a LAN   [Cisco BEFSR41]  [ D-Link DIR-625 ]
    license issue with    [___Router____]  [__(Guest Wifi)__]
    the SonicWall due to    |  |  |  |
    # of devices on LAN     |  |  |  |
                         various switches
                     for computers, printers,
                     LANCAMs, LAN WiFi, other
                     devices (RS-232, USB hub)
FWIW, there's double NATing from my LAN to the outside and it doesn't
seem to affect anything (home banking, Steam games, ssh, sftp, etc.).
Again, I'm really curious what it is they're testing.
| From | Todd <Todd@invalid.com> |
|---|---|
| Date | 2011-05-17 10:39 -0700 |
| Message-ID | <iqubth$q65$1@dont-email.me> |
| In reply to | #1127 |
On 05/17/2011 02:05 AM, Thad Floryan wrote:
> What EXACTLY is it they're testing? I have my SonicWALL TZ170 setup
> to be in stealth mode -- there is absolutely NO response from the
> SonicWALL to anything from the outside.
They are not saying. They just give you a write up as to what went
wrong. This is the worst they found:
Threat: This server uses TCP/IP implementation that respects
the "64K rule", or a "time dependent rule" for generating TCP
sequence numbers. Unauthorized users can predict sequence
numbers when two hosts are communicating, and connect to
your server from any source IP address. The only difference
with a legitimate connection is that the attacker will not
see the replies sent back to the authorized user whose IP
was forged.
> Another nice aspect of the SonicWALL is no moving parts and no heat
> such as would be the case if I cobbled-up a linux-based system using
> old hardware.
I absolutely concur. The old computer route is insane. Plus,
my customers do not have spare old computer. They are the ones
they are using (and won't replace). When they do replace their
computers, the old one have completely failed.
One could say that the two of us should go through and replace
all the fans (don't forget the power supply fan) and just grin and bear
it. Then all we have to do is wait for all the electrolytic capacitors
to start oozing. New and no moving parts is best.
> In case it wasn't obvious, the SonicWALL appliance is also a router.
It was obvious. (I read their manual.)
>
> FWIW, there's double NATing from my LAN to the outside and it doesn't
> seem to affect anything (home banking, Steam games, ssh, sftp, etc.).
Double NAT'ing still will fail the insurance company's test.
They are testing the first thing they see, which would be the
first NAT. This is not about protecting the customer. This
is about denying coverage after a claim has been made.
Imagine the insurance companies lawyer in court pointing at
my customer and accusing them of having an unprotected network.
>
> Again, I'm really curious what it is they're testing.
Thank you for the thoughtful input!
-T
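
The scan finding quoted in the post above flags initial sequence numbers (ISNs) that follow the "64K rule" or a time-dependent rule. The following Python check is an added example, not part of the thread and not the insurer's scanner: it classifies ISNs taken from a capture of a device's SYN/ACK replies, and the function name, the 5% tolerance and all sample values are assumptions constructed for illustration.

```python
from functools import reduce
from math import gcd

MOD = 2 ** 32          # TCP sequence numbers are 32-bit and wrap around
RATE_TOLERANCE = 0.05  # assumption of this example: 5% spread counts as linear in time


def classify_isn(samples):
    """Classify an ISN generator from (timestamp_seconds, isn) pairs.

    The pairs are the initial sequence numbers seen in a device's SYN/ACK
    replies, in capture order. Returns "constant", "64K rule",
    "time dependent" or "randomized".
    """
    if len(samples) < 4:
        raise ValueError("need at least 4 samples to say anything useful")

    times = [t for t, _ in samples]
    isns = [isn for _, isn in samples]
    # Differences modulo 2**32, so a counter that wraps still gives the true step.
    deltas = [(b - a) % MOD for a, b in zip(isns, isns[1:])]
    gaps = [b - a for a, b in zip(times, times[1:])]
    if any(g <= 0 for g in gaps):
        raise ValueError("timestamps must be strictly increasing")

    if all(d == 0 for d in deltas):
        return "constant"

    # 64K rule: every step is a whole multiple of 64000, so the greatest
    # common divisor of all steps is one too.
    if reduce(gcd, deltas) % 64000 == 0:
        return "64K rule"

    # Time-dependent rule: the ISN is (close to) a linear function of the
    # clock, so step / elapsed time is nearly the same for every pair.
    rates = [d / g for d, g in zip(deltas, gaps)]
    mean = sum(rates) / len(rates)
    if max(abs(r - mean) for r in rates) <= RATE_TOLERANCE * mean:
        return "time dependent"

    # Neither pattern fits: the steps look unpredictable to this heuristic.
    return "randomized"


# Constructed sample: a counter that only advances in multiples of 64000.
SAMPLES_64K = [(0.0, 1_000_000), (0.1, 1_064_000), (0.2, 1_128_000),
               (0.6, 1_320_000), (0.7, 1_384_000)]

# Constructed sample: ISN = base + 250000 * t, starting just below 2**32 so
# the counter wraps inside the capture.
ISN_BASE = MOD - 300_000
SAMPLES_TIME = [(t, (ISN_BASE + int(250_000 * t)) % MOD)
                for t in (0.0, 0.5, 1.25, 2.0, 3.5)]

# Constructed sample: unrelated 32-bit values, as a randomizing stack returns.
SAMPLES_RANDOM = [(0.0, 0x1F3A9C42), (0.1, 0xA4017BE9), (0.2, 0x5C22D310),
                  (0.3, 0xE90B4477), (0.4, 0x03D81A6E)]

if __name__ == "__main__":
    for name, data in (("64K", SAMPLES_64K), ("time", SAMPLES_TIME),
                       ("random", SAMPLES_RANDOM)):
        print(name, "->", classify_isn(data))
```

Running the same check against captures taken before and after a router swap shows whether the replacement device would draw the same finding.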
| From | The Natural Philosopher <tnp@invalid.invalid> |
|---|---|
| Date | 2011-05-17 19:41 +0100 |
| Message-ID | <iqufgc$t1j$1@news.albasani.net> |
| In reply to | #1135 |
Todd wrote:
> On 05/17/2011 02:05 AM, Thad Floryan wrote:
>
>> What EXACTLY is it they're testing? I have my SonicWALL TZ170 setup
>> to be in stealth mode -- there is absolutely NO response from the
>> SonicWALL to anything from the outside.
>
> They are not saying. They just give you a write up as to what went
> wrong. This is the worst they found:
>
> Threat: This server uses TCP/IP implementation that respects
> the "64K rule", or a "time dependent rule" for generating TCP
> sequence numbers. Unauthorized users can predict sequence
> numbers when two hosts are communicating, and connect to
> your server from any source IP address. The only difference
> with a legitimate connection is that the attacker will not
> see the replies sent back to the authorized user whose IP
> was forged.
>

Big fuckin deal.

So someone forges a return address and a sequence number and gets zilch
in return?

team games, ssh, sftp, etc.).
>
> Double NAT'ing still will fail the insurance company's test.
> They are testing the first thing they see, which would be the
> first NAT. This is not about protecting the customer. This
> is about denying coverage after a claim has been made.
> Imagine the insurance companies lawyer in court pointing at
> my customer and accusing them of having an unprotected network.
>

Time to change insurance companies. Or boundary routers.
| From | Todd <Todd@invalid.com> |
|---|---|
| Date | 2011-05-17 12:23 -0700 |
| Message-ID | <iquhun$1o3$1@dont-email.me> |
| In reply to | #1137 |
On 05/17/2011 11:41 AM, The Natural Philosopher wrote:
> Todd wrote:
>> On 05/17/2011 02:05 AM, Thad Floryan wrote:
>>
>>> What EXACTLY is it they're testing? I have my SonicWALL TZ170 setup
>>> to be in stealth mode -- there is absolutely NO response from the
>>> SonicWALL to anything from the outside.
>>
>> They are not saying. They just give you a write up as to what went
>> wrong. This is the worst they found:
>>
>> Threat: This server uses TCP/IP implementation that respects
>> the "64K rule", or a "time dependent rule" for generating TCP
>> sequence numbers. Unauthorized users can predict sequence
>> numbers when two hosts are communicating, and connect to
>> your server from any source IP address. The only difference
>> with a legitimate connection is that the attacker will not
>> see the replies sent back to the authorized user whose IP
>> was forged.
>>
>
> Big fuckin deal.

Hear! Hear! Been chucklin' and grinnin' :-D

>
> So someone forges a return address and a sequence number and gets zilch
> in return?

Not about protecting the customer. About denying a claim.
Your above comment very accurately describes it.

>
> team games, ssh, sftp, etc.).
>>
>> Double NAT'ing still will fail the insurance company's test.
>> They are testing the first thing they see, which would be the
>> first NAT. This is not about protecting the customer. This
>> is about denying coverage after a claim has been made.
>> Imagine the insurance companies lawyer in court pointing at
>> my customer and accusing them of having an unprotected network.

> Time to change insurance companies. Or boundary routers.

Have suggested the first to my customer already. Also suggested
they have their lawyer look over the policy before they purchase
it as I think their is little chance of a payout. You should see
the 200+ questionnaire they have to fill out!

As to the second. Good idea. Thad's Sonic WALL solution should
do the trick. My main problem is that every time a
low-bid-router-of-the-week gets replaced, the network will have to be
re-configured. I especially do not look forward to another high school
drop out strutting into my customer's facility and ...

Visualize an all steel "A" frame building with a six foot steel pole
extending above the roof with a microwave receiver on top of it.
The only thing missing is the "kick me" sign. Their router gets
taken out by lightening twice a year. (I have lightening
suppressors installed on their feed, but the router/modem
still gets nailed. At least the rest of the equipment longer
gets fried.)

Still chucklin' and grinnin',

-T
| From | Todd <Todd@invalid.com> |
|---|---|
| Date | 2011-05-17 12:24 -0700 |
| Message-ID | <iqui0p$1o3$2@dont-email.me> |
| In reply to | #1138 |
On 05/17/2011 12:23 PM, Todd wrote:
> think their is

oops. Should have been "there" (I went to publik skool.)

-T
| From | The Natural Philosopher <tnp@invalid.invalid> |
|---|---|
| Date | 2011-05-18 01:13 +0100 |
| Message-ID | <iqv2uo$2qt$1@news.albasani.net> |
| In reply to | #1138 |
Todd wrote:
> On 05/17/2011 11:41 AM, The Natural Philosopher wrote:
>> Todd wrote:
>>> On 05/17/2011 02:05 AM, Thad Floryan wrote:
>>>
>>>> What EXACTLY is it they're testing? I have my SonicWALL TZ170 setup
>>>> to be in stealth mode -- there is absolutely NO response from the
>>>> SonicWALL to anything from the outside.
>>>
>>> They are not saying. They just give you a write up as to what went
>>> wrong. This is the worst they found:
>>>
>>> Threat: This server uses TCP/IP implementation that respects
>>> the "64K rule", or a "time dependent rule" for generating TCP
>>> sequence numbers. Unauthorized users can predict sequence
>>> numbers when two hosts are communicating, and connect to
>>> your server from any source IP address. The only difference
>>> with a legitimate connection is that the attacker will not
>>> see the replies sent back to the authorized user whose IP
>>> was forged.
>>>
>>
>> Big fuckin deal.
>
> Hear! Hear! Been chucklin' and grinnin' :-D
>
>>
>> So someone forges a return address and a sequence number and gets zilch
>> in return?
>
> Not about protecting the customer. About denying a claim.
> Your above comment very accurately describes it.
>
>>
>> team games, ssh, sftp, etc.).
>>>
>>> Double NAT'ing still will fail the insurance company's test.
>>> They are testing the first thing they see, which would be the
>>> first NAT. This is not about protecting the customer. This
>>> is about denying coverage after a claim has been made.
>>> Imagine the insurance companies lawyer in court pointing at
>>> my customer and accusing them of having an unprotected network.
>
>> Time to change insurance companies. Or boundary routers.
>
> Have suggested the first to my customer already. Also suggested
> they have their lawyer look over the policy before they purchase
> it as I think their is little chance of a payout. You should see
> the 200+ questionnaire they have to fill out!
>
> As to the second. Good idea. Thad's Sonic WALL solution should
> do the trick. My main problem is that every time a
> low-bid-router-of-the-week gets replaced, the network will have to be
> re-configured. I especially do not look forward to another high school
> drop out strutting into my customer's facility and ...
>
> Visualize an all steel "A" frame building with a six foot steel pole
> extending above the roof with a microwave receiver on top of it.
> The only thing missing is the "kick me" sign. Their router gets
> taken out by lightening twice a year. (I have lightening
> suppressors installed on their feed, but the router/modem
> still gets nailed. At least the rest of the equipment longer
> gets fried.)
>
> Still chucklin' and grinnin',
>
> -T
>

<pedant> Lightning.
Lightening is throwing the passengers out of the hot air balooon</pedant>

Try contacting someone who does real customer support, like Cisco, and
if they have a solution, then get them to respond formally to the above
problem.

Then get a 24 hour service contract, so if one goes bang, they fix it
under contract.

Finally get Cisco AND your insurance company to retest. Let them fight
it out. No sale if the Cisco don't pass the test.
| From | Todd <Todd@invalid.com> |
|---|---|
| Date | 2011-05-18 09:32 -0700 |
| Message-ID | <ir0sa9$3tr$2@dont-email.me> |
| In reply to | #1141 |
On 05/17/2011 05:13 PM, The Natural Philosopher wrote:
> <pedant> Lightning.
> Lightening is throwing the passengers out of the hot air balooon</pedant>

I always make that mistake. Made me look up "Pedant" too. :-)
| From | The Natural Philosopher <tnp@invalid.invalid> |
|---|---|
| Date | 2011-05-18 21:18 +0100 |
| Message-ID | <ir19i5$a6t$4@news.albasani.net> |
| In reply to | #1156 |
Todd wrote:
> On 05/17/2011 05:13 PM, The Natural Philosopher wrote:
>> <pedant> Lightning.
>> Lightening is throwing the passengers out of the hot air balooon</pedant>
>
> I always make that mistake. Made me look up "Pedant" too. :-)

You missed the mistyping of balloon though ;-)
| From | Todd <Todd@invalid.com> |
|---|---|
| Date | 2011-05-19 12:13 -0700 |
| Message-ID | <ir3q5f$6nc$1@dont-email.me> |
| In reply to | #1166 |
On 05/18/2011 01:18 PM, The Natural Philosopher wrote:
> Todd wrote:
>> On 05/17/2011 05:13 PM, The Natural Philosopher wrote:
>>> <pedant> Lightning.
>>> Lightening is throwing the passengers out of the hot air
>>> balooon</pedant>
>>
>> I always make that mistake. Made me look up "Pedant" too. :-)

> You missed the mistyping of balloon though ;-)

I am dooomed!
| From | The Natural Philosopher <tnp@invalid.invalid> |
|---|---|
| Date | 2011-05-16 12:53 +0100 |
| Message-ID | <iqr38b$6qr$1@news.albasani.net> |
| In reply to | #1093 |
Todd wrote:
> Hi All,
>
> I have a client with several small facilities. She is going
> through a security audit with an insurance company that insures
> again credit card theft. As part of the audit process, the
> insurance company runs a scan against her routers.
>
> Problem: the el-cheapo router-of-the-day from the various ISP's
> that she uses fail this scan.
>
> So I have been researching appliance firewalls for her. Watchguard
> seems to have a good product, but I have never used them.
>
> At some point Google does not fill the bill and you have to ask
> for others personal experiences. Does anyone have a favorite
> appliance firewall they have used and would recommend? Hopefully,
> one that does not break the bank.
>
> Many thanks,
> -T

Frankly, best price performance is to buy better boundary routers.

Only if you have a really complex firewall and external limit access
situation does a complex 'software' firewall make sense.

In every case you cannot answer the question without absolutely defining
what access you need through your firewall, and what security you wish to
attach to it.

A firewall scan means little beyond its use as sales tool to sell you an
approach that passes the test!

However in this case we may presume the scan is professionally
independent. BUT it could be no more than badly configured routers,
| From | technomaNge <cowpaddy@bullshit.net> |
|---|---|
| Date | 2011-05-16 20:34 -0500 |
| Message-ID | <iqsjc2$3tg$1@dont-email.me> |
| In reply to | #1093 |
On 05/15/2011 10:16 PM, Todd wrote:
>
> At some point Google does not fill the bill and you have to ask
> for others personal experiences. Does anyone have a favorite
> appliance firewall they have used and would recommend? Hopefully,
> one that does not break the bank.

Can't get much cheaper than free!

For work, I grabbed an old computer from the stack,
added a second network card, and installed IPFire.

IPFire is a german built firewall/router. It has a graphical
interface. I set some port forwarding rules. Done.

Total new cost: my time and a blank CD.

See http://www.ipfire.org for more info and download.
Did I mention it is FREE?

technomaNge
--
| From | The Natural Philosopher <tnp@invalid.invalid> |
|---|---|
| Date | 2011-05-17 10:55 +0100 |
| Message-ID | <iqtgma$jp8$4@news.albasani.net> |
| In reply to | #1119 |
technomaNge wrote:
> On 05/15/2011 10:16 PM, Todd wrote:
>
>>
>> At some point Google does not fill the bill and you have to ask
>> for others personal experiences. Does anyone have a favorite
>> appliance firewall they have used and would recommend? Hopefully,
>> one that does not break the bank.
>
> Can't get much cheaper than free!

Power consumption? work out what 10,000 hours at 60W costs you in a year.

> For work, I grabbed an old computer from the stack,
> added a second network card, and installed IPFire.
>
> IPFire is a german built firewall/router. It has a graphical
> interface. I set some port forwarding rules. Done.
>
> Total new cost: my time and a blank CD.
>
> See http://www.ipfire.org for more info and download.
> Did I mention it is FREE?
>
>
> technomaNge
| From | Mark <i@dontgetlotsofspamanymore.invalid> |
|---|---|
| Date | 2011-05-17 10:08 +0100 |
| Message-ID | <rne4t6lnfovedkn3udgv554n92vbd3k80k@4ax.com> |
| In reply to | #1093 |
On Sun, 15 May 2011 20:16:45 -0700, Todd <Todd@invalid.com> wrote:
>Hi All,
>
>I have a client with several small facilities. She is going
>through a security audit with an insurance company that insures
>again credit card theft. As part of the audit process, the
>insurance company runs a scan against her routers.
>
>Problem: the el-cheapo router-of-the-day from the various ISP's
>that she uses fail this scan.
>
>So I have been researching appliance firewalls for her. Watchguard
>seems to have a good product, but I have never used them.
>
>At some point Google does not fill the bill and you have to ask
>for others personal experiences. Does anyone have a favorite
>appliance firewall they have used and would recommend? Hopefully,
>one that does not break the bank.
What test(s) does it fail?
--
(\__/) M.
(='.'=) Due to the amount of spam posted via googlegroups and
(")_(") their inaction to the problem. I am blocking some articles
posted from there. If you wish your postings to be seen by
everyone you will need use a different method of posting.
| From | Todd <Todd@invalid.com> |
|---|---|
| Date | 2011-05-17 10:53 -0700 |
| Message-ID | <iqucms$u3t$1@dont-email.me> |
| In reply to | #1128 |
On 05/17/2011 02:08 AM, Mark wrote:

> What test(s) does it fail?

See my above post to Thad (made about 10 minutes ago)
| From | Mark <i@dontgetlotsofspamanymore.invalid> |
|---|---|
| Date | 2011-05-18 09:17 +0100 |
| Message-ID | <k307t6p7vvq22rpa7s3ejcpp92ukrpllj4@4ax.com> |
| In reply to | #1136 |
On Tue, 17 May 2011 10:53:32 -0700, Todd <Todd@invalid.com> wrote:
>On 05/17/2011 02:08 AM, Mark wrote:
>
>> What test(s) does it fail?
>
>See my above post to Thad (made about 10 minutes ago)
So no real-world risk then.
--
(\__/) M.
(='.'=) Due to the amount of spam posted via googlegroups and
(")_(") their inaction to the problem. I am blocking some articles
posted from there. If you wish your postings to be seen by
everyone you will need use a different method of posting.