[ previous ] [ next ] [ threads ]
 From:  "Joe Lagreca" <joe at BIGnetOnline dot com>
 To:  sai <sonicsai at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Firewall virus protection?
 Date:  Wed, 14 Nov 2007 21:22:52 -0800
I'm not so concerned with the single point of failure.

Users will now have to use a proxy to check their email?  If they
don't configure the proxy, they aren't getting any virus protection
from the firewall?

I thought it did some sort of deep packet inspection, and just
monitored all traffic that comes in and goes out.  However I was
curious exactly how it does this, especially for encrypted traffic
(not encrypted by the fortigate).  I thought it can monitor plain POP3
traffic, but what if you are using a ssl cert with your POP3 server,
then it probably wouldn't work.

Or lets say users are connecting to gmail via ssl, the fortigate
wouldn't be able to block file downloads.


On Nov 14, 2007 9:08 PM, sai <sonicsai at gmail dot com> wrote:
> It has to have a proxy for each protocol. So if you are receiving
> email the Fortigate would need a POP proxy, download the whole email ,
> inspect it and any attachments then send it onto the user.
> It increases the complexity of the machine (so you might get bugs
> bringing down your firewall), vastly increases the attack surface
> (m0n0 is essentially invisible to the outside attacker in many cases)
> and so reduces the security of the firewall. Sure you should inspect
> traffic before it gets to the user, but it should be done on an
> another machine , in this case I would want the email to be inspected
> by the mail server.
> Unfortunately this is what the future looks like because users like
> having a machine that does everything.
> sai
> On Nov 15, 2007 9:52 AM, Joe Lagreca <joe at bignetonline dot com> wrote:
> > A customer of mine recently replaced their m0n0wall with a Fortigate
> > firewall because of two "benefits" of the fortigate.  First they liked
> > the content filtering fortigate offered.  They also liked the firewall
> > virus protection.
> >
> > I'm a little unclear on exactly how a firewall does virus protection?
> > I'm sure its not smart enough to inspect all packets.  Especially if
> > they are encrypted point to point, like Skype file transfer.  Can
> > anyone explain how firewall virus protection is better than what
> > m0n0wall offers?
> >
> > Thanks.
> >
> > --
> > Joe LaGreca
> > Founder & Owner, BIGnet Online
> > 619-393-1733 Office
> > 619-318-3246 Cell
> > www.BIGnetOnline.com
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
> >

Joe LaGreca
Founder & Owner, BIGnet Online
619-393-1733 Office
619-318-3246 Cell