[ previous ] [ next ] [ threads ]
 From:  "Wayne Fiori" <dev9null at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: per-interface rulebases: why?
 Date:  Thu, 1 Jun 2006 13:43:50 -0700
On 6/1/06, Molle Bestefich <molle dot bestefich at gmail dot com> wrote:
> Chris Buechler wrote:
> > Can you name a firewall vendor that doesn't do per-interface rulesets?
> I can name a dozen.
> Start in the big league with the mother of them all, Check Point
> Software Technologies Ltd.

And you'd be wrong. Check Point can do per interface rules.  You are
not required to set-up the rulebase in that manner, but it there. Just
because Check Point hides the interface within the Network Object
definition doesn't mean they aren't establishing the security policy
based on interface ingres/egress (inbound, outbound, or eitherbound in
Check Point Marketing speak).