On 6/1/06, Molle Bestefich <molle dot bestefich at gmail dot com> wrote:
> Chris Buechler wrote:
> > Can you name a firewall vendor that doesn't do per-interface rulesets?
> I can name a dozen.
> Start in the big league with the mother of them all, Check Point
> Software Technologies Ltd.
And you'd be wrong. Check Point can do per interface rules. You are
not required to set-up the rulebase in that manner, but it there. Just
because Check Point hides the interface within the Network Object
definition doesn't mean they aren't establishing the security policy
based on interface ingres/egress (inbound, outbound, or eitherbound in
Check Point Marketing speak).