Firewall Wizards
mailing list archives
Re: Sonicwall or Watchguard
From: Eric Budke <budke () budke com>
Date: Tue, 11 Dec 2001 11:30:18 -0500
At 12:07 PM 12/10/2001 -0800, B. James Phillippe wrote:
> On Sat, 8 Dec 2001, Eric Budke wrote:
> > And the "VPN" solution is really false advertising. It just opens up a
> > hole in your firewall. If you are using any sort of NAT, you have now
> > opened up a hole in your firewall for all the other users behind that
> > NAT to get in.
>
> I don't understand what you mean here. I have used WatchGuard's VPN
> (IPSec) and NAT and have not had any security issues; the VPN tunnel is
> configured completely separate to the NAT and security policies, and both
> NAT and security policies can be applied to VPN traffic (within the
> tunnel).

Perhaps this is the case with the hardware-based endpoints. But those
aren't the most convenient things to be carrying around with you all over
the country/world (besides, just try getting a hotel room outside the US
with DSL in the rooms on a regular basis). The Java app doesn't do this,
and while you can limit the boxes one can "tunnel" through to, you are
opening up everyone behind the NAT to those same boxes. Aside from that,
the thing doesn't work behind a proxy (I have had VPN clients/servers that
allowed for this).
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards