mozar
Highly Honored Mass-Poster
      

Posts: 1524
Re: CHX-I dedicated Forum
« Reply #1 on: Dec 7th, 2004, 5:48am »
BTW, if you want to try "CHX-I", please read all the on-line documentation and download the Manual. And here is a copy of the developer's "Must read":

"... In its default configuration the packet filter does not impose any security restrictions on any type of traffic. The CHX-I Packet Filter is not a personal firewall and should not be used by those expecting out-of-the-box security configurations or unfamiliar with TCP/IP networking and IP security in general. Several configuration templates are provided to assist first time users in grasping CHX-I filtering concepts. These templates can be obtained in the idrci.net download area. First time users are encouraged to make extensive use of the available logging features (and the GoTo Related Filter feature) when debugging their CHX-I IP security policies. The packet filter cannot facilitate address/port translation in gateway environments. The CHX-I NAT module was designed to provide this functionality as either a stand alone or add-on to the packet filter management console. ..."

And, also, this one here:

"... Several rules of thumb that should be understood when creating packet filter policies:

1. All traffic is first checked against static packet filter rules. If allowed - the traffic is then analyzed by the stateful inspection engine provided the state analysis options are enabled.
2. "Allow" rules are Prohibitive. This means anything not specified in the Allow rules is automatically dropped.
3. If the UDP "pseudo-stateful" option is enabled a Force Allow must be used when running UDP servers (e.g. DNS).
4. If the ICMP "pseudo-stateful" option is enabled a Force Allow must be used when unsolicited ICMP traffic is allowed.
4. A Force Allow acts as a trump card only within the same priority context. ..."
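An added illustration of the first three rules of thumb quoted above, as a toy Python model (not CHX-I code and not part of the original post). The class names, the verdict strings and the idea that a Force Allow skips state analysis are assumptions made for the sketch; priority contexts are not modelled, and the addresses are constructed documentation addresses.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str        # "udp" or "tcp"
    direction: str    # "in" or "out"
    local_port: int
    remote: str       # remote "ip:port"

@dataclass(frozen=True)
class Rule:
    action: str       # "allow" or "force_allow"
    proto: str
    direction: str
    local_port: Optional[int] = None   # None matches any local port

    def matches(self, p: Packet) -> bool:
        return (self.proto == p.proto and self.direction == p.direction
                and self.local_port in (None, p.local_port))

class ToyFilter:
    """Hypothetical model: static rules first, then UDP pseudo-state."""
    def __init__(self, rules, udp_pseudo_stateful=False):
        self.rules = list(rules)
        self.udp_pseudo_stateful = udp_pseudo_stateful
        self.udp_flows = set()   # (local_port, remote) pairs seen outbound

    def verdict(self, p: Packet) -> str:
        hits = [r for r in self.rules if r.matches(p)]
        # Rule of thumb 2: with Allow rules present, unmatched traffic drops.
        if self.rules and not hits:
            return "drop (static)"
        # Assumption: a Force Allow passes the packet without state analysis.
        if any(r.action == "force_allow" for r in hits):
            return "pass (force allow)"
        # Rule of thumb 1: statically allowed traffic then meets the state check.
        if p.proto == "udp" and self.udp_pseudo_stateful:
            flow = (p.local_port, p.remote)
            if p.direction == "out":
                self.udp_flows.add(flow)      # remember the request
            elif flow not in self.udp_flows:
                return "drop (state)"         # unsolicited inbound UDP
        return "pass"

# Constructed sample traffic for a host that is both DNS client and DNS server.
QUERY_OUT = Packet("udp", "out", 40000, "198.51.100.1:53")
REPLY_IN = Packet("udp", "in", 40000, "198.51.100.1:53")
CLIENT_QUERY_IN = Packet("udp", "in", 53, "192.0.2.10:5353")
ALLOW_UDP = [Rule("allow", "udp", "out"), Rule("allow", "udp", "in")]
```

With plain Allow rules and the pseudo-stateful option on, the reply to the host's own query passes but a client's query to the local DNS server is dropped by the state check, which is the situation rule of thumb 3 addresses with a Force Allow.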