Netscreen 5gt

- D
- Davej
  
  Contact options for registered users
posted
13 years ago

Sun, Jan 24, 2010 6:37 AM

So why does netscreen have both "approve" and "deny" policies? I mean isn't everything that isn't approved automatically (logically) denied?

Loading thread data ...

- A
- Ansgar -59cobalt- Wiechers
  
  Contact options for registered users
Vote on answer
posted
13 years ago

Sun, Jan 24, 2010 2:07 PM

Assume you want to allow an IP range, but want to exclude one or more subranges.

59cobalt

- D
- Davej
  
  Contact options for registered users
Vote on answer
posted
13 years ago

Mon, Jan 25, 2010 3:59 PM

I guess that makes sense. The thing that got me was that when I put the thing into "home-work" mode it had a default set of four policies;

untrust to work =3D deny untrust to home =3D deny home to work =3D permit work to home =3D deny

Since the default is "deny" it seems that three of the four policies accomplish nothing.

- A
- Ansgar -59cobalt- Wiechers
  
  Contact options for registered users
Vote on answer
posted
13 years ago

Mon, Jan 25, 2010 7:14 PM

I'm not familiar with Netscreen, but don't these policies *define* the default behavior?

59cobalt

- D
- Davej
  
  Contact options for registered users
Vote on answer
posted
13 years ago

Mon, Jan 25, 2010 7:51 PM

I'm happy now. All I need is...

home to untrust =3D permit work to untrust =3D permit

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.