Netscreen 5gt

So why does netscreen have both "approve" and "deny" policies? I mean isn't everything that isn't approved automatically (logically) denied?

Reply to
Davej
Loading thread data ...

Assume you want to allow an IP range, but want to exclude one or more subranges.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

I guess that makes sense. The thing that got me was that when I put the thing into "home-work" mode it had a default set of four policies;

untrust to work =3D deny untrust to home =3D deny home to work =3D permit work to home =3D deny

Since the default is "deny" it seems that three of the four policies accomplish nothing.

Reply to
Davej

I'm not familiar with Netscreen, but don't these policies *define* the default behavior?

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

I'm happy now. All I need is...

home to untrust =3D permit work to untrust =3D permit

Reply to
Davej

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.