 From:  sai <sonicsai at gmail dot com>
 To:  "Joe Lagreca" <joe at bignetonline dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Firewall virus protection?
 Date:  Thu, 15 Nov 2007 10:08:20 +0500
It has to have a proxy for each protocol. So if you are receiving
email the Fortigate would need a POP proxy, download the whole email,
inspect it and any attachments, then send it on to the user.
It increases the complexity of the machine (so you might get bugs
bringing down your firewall), vastly increases the attack surface
(m0n0 is essentially invisible to the outside attacker in many cases)
and so reduces the security of the firewall. Sure, you should inspect
traffic before it gets to the user, but it should be done on
another machine; in this case I would want the email to be inspected
by the mail server.

Unfortunately this is what the future looks like because users like
having a machine that does everything.


On Nov 15, 2007 9:52 AM, Joe Lagreca <joe at bignetonline dot com> wrote:
> A customer of mine recently replaced their m0n0wall with a Fortigate
> firewall because of two "benefits" of the Fortigate.  First they liked
> the content filtering Fortigate offered.  They also liked the firewall
> virus protection.
> I'm a little unclear on exactly how a firewall does virus protection?
> I'm sure it's not smart enough to inspect all packets.  Especially if
> they are encrypted point to point, like Skype file transfer.  Can
> anyone explain how firewall virus protection is better than what
> m0n0wall offers?
> Thanks.
> --
> Joe LaGreca
> Founder & Owner, BIGnet Online
> 619-393-1733 Office
> 619-318-3246 Cell
> www.BIGnetOnline.com
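
Added example, not part of the original thread: a Python sketch of why the scan described in the reply needs a full protocol proxy. It compares looking at each TCP-sized segment in isolation with buffering the whole message, decoding its MIME parts and then matching. The signature, addresses, file name and function names are all constructed for illustration.

```python
import email
from email.message import EmailMessage

# Constructed stand-in for an antivirus signature (not a real malware pattern).
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"

def build_sample_message() -> bytes:
    """Constructed sample mail with one binary attachment containing SIGNATURE."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "report"
    msg.set_content("See attachment.")
    payload = b"\x00" * 3000 + SIGNATURE + b"\x00" * 3000
    # Binary attachments are base64-encoded on the wire by default.
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename="report.bin")
    return msg.as_bytes()

def scan_per_packet(raw: bytes, mss: int = 1460) -> bool:
    """Naive check: match the signature against each segment on its own."""
    return any(SIGNATURE in raw[i:i + mss] for i in range(0, len(raw), mss))

def scan_as_proxy(raw: bytes) -> list[str]:
    """Proxy-style check: buffer the whole message, parse the MIME tree,
    decode every leaf part, then match. Returns the names of parts that hit."""
    msg = email.message_from_bytes(raw)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        body = part.get_payload(decode=True) or b""
        if SIGNATURE in body:
            hits.append(part.get_filename() or part.get_content_type())
    return hits

if __name__ == "__main__":
    raw = build_sample_message()
    print("per-packet match:", scan_per_packet(raw))
    print("proxy match:     ", scan_as_proxy(raw))
```

The MIME parsing and decoding in `scan_as_proxy` is the extra code that ends up running on the firewall for each protocol it proxies, which is the complexity and attack-surface cost the reply points to.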