>
>And what about the default of the ports 256, 257, 258 and 259 appearing on
>every interface? A little concerning, since they are not listed in the
>table of ports in the main manual. Even more concerning when I'm told
>they are for secure remote support, logging and configuration control!
>This obscurity makes one rather nervous.
>

<snip>

This was addressed a while ago in the only other security bulletin I have seen for Firewall 1 in over a year (the latest being along the same lines except for DNS).

The default is to allow Firewall Control Connections - First. This being snmp has obvious implications. The ports it uses are defined in the services objects.

If you have trouble understanding the was the First/Before Last/Last options it actually explains it in the under "Enable ICMP" in the "Security Policy" section. Basically as a rule put everything as "Last" in the security policy tab, that way everything is either logged, explicitly allowed/dropped or explicitly not logged.

I personally don't think the "default" settings to be a bug. The default settings has no policy. The policy is what you build.

Simon Finn