On 6/1/06, Molle Bestefich <molle dot bestefich at gmail dot com> wrote:
> Chris Buechler wrote:
> > Can you name a firewall vendor that doesn't do per-interface rulesets?
>
> I can name a dozen.
>
> Start in the big league with the mother of them all, Check Point
> Software Technologies Ltd.

And you'd be wrong. Check Point can do per-interface rules. You are not required to set up the rulebase in that manner, but it is there. Just because Check Point hides the interface within the Network Object definition doesn't mean they aren't establishing the security policy based on interface ingress/egress (inbound, outbound, or eitherbound in Check Point Marketing speak).

--
=Wayne