some ckp irritations - Page 2
Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 33

Thread: some ckp irritations

  1. #11
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    really. Actually If I could get some money from these tight fisted *&@# that run the corp then I would try something else. Like maybe sunscreen, but where I am right now it's overcast.
    Trappedagainbyperfectlogic.

  2. #12
    Member
    Join Date
    Feb 2002
    Posts
    42
    Hmm, would someone name a *good* reason why NOT to run CP or run SunScreen in favour? Your discussions seem pretty weird and anyone that has been into the FW industry and has learnt CP in a correct manner knows that no other product could compete, be it PIX, Raptor, Gauntlet or even StoneSoft's StoneGate..

    name something serious and I'll find a way to access SunScreen, I bet it wont compete with CP as usual...

    SOMETHING SERIOUS...
    etsh911

  3. #13
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    How about this good reason: I don't like it. I don't think it's as good as Sunscreen.


    As for the rest of your post, it doesn't make sense. Are you trying to say that if you don't run CP, you don't know what you are doing? Please.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  4. #14
    Member
    Join Date
    Feb 2002
    Posts
    42
    WoW! u don't like it, Man, I wonder how that didn't become an industry standard...

    What on earth do u mean by u don't like it, if SunScreen has something to offer then name it, and show everyone on this forum how great your SunScreen and you knowlege are.

    I have previously demonstrated point that make CP excel other FWs on this forum and ANYONE on the fw1-wiz list knows that I know my ****..

    etsh911

  5. #15
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Sunscreen offers stealth mode. In other words it runs in bridged mode, no IP stack to speak of. Now, how useful do you think a firewall with non-IP interfaces is?
    (*hint*very useful*hint*)

    Keep in mind I'm a user and not a high and mighty developer, such as yourself, so forgive my ignorance. But, I believe this is major difference between the two. As far as I know CP doesn't offer that capability. Or does it?
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  6. #16
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    etsh911 - I don't see how you have taken offense in this matter. I am upgrading from 41 to ng, which, of course, is still ckp. I don't know why my discussions are weird - I've been with ckp for +3 years and if there is some things that are annoying about it I'll say so. The product is still good, I just think pix might be better. Our company runs at least all of the popular fws and there is good and bad with each one.
    Trappedagainbyperfectlogic.

  7. #17
    Junior Member
    Join Date
    Nov 2001
    Posts
    18
    I joined this site hoping to gain some insite in CPfw and Security. I'm new to this whole thing so I hope you'll excuse me for getting into this discussion. I am a backup FW admin on a CPfw4.1 sp-1 and have been having alot of trouble with AOL mail. YA I know but what doctors want doctors get. Anyway, users can log into AOL at the home page successfully but when they attempt to access their mail the "Detect Network Settings" on IE comes up. This happens on 4.0 sp2 through 6.0. I'm not seeing anything being blocked or otherwise not connected in the fwlog. AOL is of course of no help and CP well is CP. Anybody seen this, its only been affecting us for 4-6 weeks.

  8. #18
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Not to ignore you imchaser but I'd like to think etsh911 will come back and show me what's what, you know? This is the second time I've brought up valid points and I have yet to see an intelligent response from him. So? You called me out, with the insults and such, and now where are you? Hmmmm..
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  9. #19
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    KorpDeath:

    Please forgive my ignorance a I am also a CP and PIX guy...Have never really done much with Sunscreen.

    I am just wondering how a firewall works in stealth mode...you obviously can't keep state if there is no TCP/IP right? Also, what about NAT, how would that work...I am assuming you would have to do it on your router..

    I have heard of IDS being able to run in stealth because it is only passively inspecting traffic but I never knew you could or would want to do this with your FW. I would also think that it would make centralized management almost impossible unless you have an interface with an ip stack bound to it on a management LAN (which is what I am assuming you do).

    Most importantly, how would the firewall filter at layer 3 and 4 (like a normal FW does) without an IP stack bound to the interface? Bridging is done at layer 2...

    Again I am just asking questions because I have never used it and do not know...but I would like to learn more.

  10. #20
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Well. It does have a state table. It's all about the drivers.

    If you are running the firewall in stealth mode you shouldn't use it to NAT. It will work but the performance will be slow.

    As for management, it uses SKIP.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •