Protocols and Authentication Methods of AIX Firewall

ITEM: RTA000153598

Topic thread:                                                                   
RALEIGH NETWORKING SUPPORT CENTER (RALY - NA/ATS)                               
 IBM COMMERCEPOINT                                                              
  IBM eNetwork Firewall V3.2 for AIX                                            
I received the following questions from another IBMer.  Outside of IP           
and ICMP, I'm not sure that we support any of the following.  I haven't         
ever heard of many of them.  Whatever info you could provide would be           
appreciated.  The IBMer indicated his request was urgent.  Thank you.           
a)  Are these protocols supported by the AIX Firewall?                          
b)  Is the OSI multi-layer security inspection covered from                     
    layer/level 2 to 7?                                                         
c) Are the following authenticacion methods/features supported?                 
  - Password system                                                             
  - Users: Secureremote, RADIUS, Axent                                          
  - Sessions                                                                    
  - Clients: Secureremote, RADIUS and Axent                                    
  - Full support for servers protection in internal network                     
I've talked to a couple of people about these questions, and got some           
good feedback.  Here's what I got from the Firewall Development team            
on the protocols;                                                               
***********************  Development team answers *****************             
Mbone is not a protocol; it is the Multicast backbone, a sort of                
IP-in-IP set of tunnels created to multicast traffic across the                 
Internet.  UFP and SAMP are CheckPoint proprietary protocols, kind of           
like CVP, except UFP is a URL Filtering Protocol, and SAMP is the               
Suspicious Activity Monitoring Protocol.                                        
We don't do anything to prevent multicast or enable it.  IGMP                  
(multicast routing protocol messaging) packets are UDP packets on a             
specific port number, much like OSPF or RIP.  They can be allowed               
through the FW.  Actual multicast packets should essentially just pass          
through the firewall if they are specifically permitted, based on IP            
address.  The FW does not monitor the IGMP packets and act on them to           
permit or deny multicast groups.                                                
We don't support UFP, CVP and SAMP.                                             
No, we don't use RPC or LDAP.                                                   
**************************   END DEVELOPMENT ANSWER  *****************          
The answer to 'b)', is a question that seems to be for an AS/400                
environment.  We only support AIX & NT Firewalls, but there is a                
group that supports an AS/400 Firewall within IBM.  I don't have a             
contact, but here's a URL;                    
Question 'c)';Secure authentication methodologies we use are via                
Security Dynamics SecurID card (PIN number and randomly generated               
number that changes every 30 seconds). I'm guessing since most of               
these questions seem to be comparing Check Point to the IBM Firewall            
if Secureremote is a similar methodology by another company.  Your              
client should contact RADIUS for a IBM Firewall plug-in that will               
allow the RADIUS server to work with our Firewall.  Axent is in plan            
to work with our Firewall next year.  The last line 'full support,...'          
is Marketing-speak.  If you have a firewall in place, the firewall              
protects the servers on the internal network, so yes, our Firewall              
will do that.                                                                   
Thanks for using ASKQ.                                                         

WWQA: ITEM: RTA000153598 ITEM: RTA000153598
Dated: 11/1998 Category: FIREWAIX
This HTML file was generated 99/06/24~12:43:41
Comments or suggestions? Contact us