Protocols and Authentication Methods of AIX Firewall
ITEM: RTA000153598
Q:
Topic thread:
RALEIGH NETWORKING SUPPORT CENTER (RALY - NA/ATS)
IBM COMMERCEPOINT
IBM eNetwork Firewall V3.2 for AIX
I received the following questions from another IBMer. Outside of IP
and ICMP, I'm not sure that we support any of the following. I haven't
ever heard of many of them. Whatever info you could provide would be
appreciated. The IBMer indicated his request was urgent. Thank you.
a) Are these protocols supported by the AIX Firewall?
RPC
ICMP
Mbone
LDAP
UFP
CVP
SAMP
IP
b) Is the OSI multi-layer security inspection covered from
layer/level 2 to 7?
c) Are the following authentication methods/features supported?
- Password system
- Users: Secureremote, RADIUS, Axent
- Sessions
- Clients: Secureremote, RADIUS and Axent
- Full support for servers protection in internal network
A:
David,
I've talked to a couple of people about these questions, and got some
good feedback. Here's what I got from the Firewall Development team
on the protocols:
*********************** Development team answers *****************
Mbone is not a protocol; it is the Multicast backbone, a sort of
IP-in-IP set of tunnels created to multicast traffic across the
Internet. UFP and SAMP are CheckPoint proprietary protocols, kind of
like CVP, except UFP is a URL Filtering Protocol, and SAMP is the
Suspicious Activity Monitoring Protocol.
We don't do anything to prevent multicast or enable it. IGMP
(multicast routing protocol messaging) packets are UDP packets on a
specific port number, much like OSPF or RIP. They can be allowed
through the FW. Actual multicast packets should essentially just pass
through the firewall if they are specifically permitted, based on IP
address. The FW does not monitor the IGMP packets and act on them to
permit or deny multicast groups.
We don't support UFP, CVP and SAMP.
No, we don't use RPC or LDAP.
************************** END DEVELOPMENT ANSWER *****************
The answer to 'b)' is a question that seems to be for an AS/400
environment. We only support AIX & NT Firewalls, but there is a
group that supports an AS/400 Firewall within IBM. I don't have a
contact, but here's a URL: http://www.as400.ibm.com/firewall
Question 'c)': Secure authentication methodologies we use are via
Security Dynamics SecurID card (PIN number and randomly generated
number that changes every 30 seconds). I'm guessing since most of
these questions seem to be comparing Check Point to the IBM Firewall
if Secureremote is a similar methodology by another company. Your
client should contact RADIUS for an IBM Firewall plug-in that will
allow the RADIUS server to work with our Firewall. Axent is in plan
to work with our Firewall next year. The last line 'full support,...'
is Marketing-speak. If you have a firewall in place, the firewall
protects the servers on the internal network, so yes, our Firewall
will do that.
Thanks for using ASKQ.
WWQA: ITEM: RTA000153598 ITEM: RTA000153598
Dated: 11/1998 Category: FIREWAIX
This HTML file was generated 99/06/24~12:43:41