Check out the firewalls mailing list archives. Last year (somewhere in November) I was doing a penetration test and audit on FW-1 and could break the FW. Though it was not a bug in FW-1, it had something to do with its complex configuration in that specific case. But the thread contains interesting discussions anyhow.

[ IDS Moderator: The article was posted on Friday 8th Nov. ]

In general I find the rule base of FW-1 somewhat confusing. Any time you change a rule we had to regenerate the base. When you forget that, the rule won't work. This can be awesome when during some strange events or attack you want to change some rules on the fly.

What I would recommend is to explicitly define filters and do not use the rule base (BTW, the rule base contains some config options for default services such as ICMP, DNS, finger, etc.).

If you need any help, do not hesitate to contact me,

Arjan Vos
KPMG EDP Auditors

>----------
>From: Liew[SMTP:p-lliew@acslink.aone.net.au]
>Sent: dinsdag 7 januari 1997 13:35
>To: ids@uow.edu.au
>Subject: Checkpoint's Firewall-1 (v2.0)
>
>I'm doing an audit on the security adequacy of our corporation's firewall
>and proxy servers. Does anyone know much about Checkpoint's Firewall
>product? Has it got any known shortcomings? I'll be grateful if someone
>could send me some details?
>
>[ Moderator Note: You might also like to try the firewalls mailing list
>firewalls@GreatCircle.com ]
>
>Thanks.