[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Real Audio and stateful packet filters
From:       kmoriarty () factset ! com
Date:       1999-11-24 21:24:12
[Download RAW message or body]

Hello,

I have been testing a few stateful packet filtering firewalls, the
Lucent Managed Firewall and the PIX.  I am in the middle of playing with
a PIX running 5.02 code and have a question.  I have an outbound access
list configured to narrow down the list of allowed protocols through the
firewall and started to test Real Audio.  It looks as if the only option
is to allow the TCP control port 7070 plus the 100 UDP port range
(6970-7070) for the data.  I need to test Real Audio and would like to
tie it down as much as possible.  I was hoping there was a way to have
the firewall know which associated UDP port needs to be opened
dynamically so I would not have to blindly open the complete range of
UDP ports for outbound access.  The Lucent managed firewall has this
capability and Checkpoint has had it since 1995.  Beside blocking Real
Audio :-)  does anyone have a suggestion with the PIX?  I don't think
there are any other possibilities in this scenario, but thought it might
be worth asking.

I spoke to a Cisco tech who said this feature was not available and I
would have to put a request in through our sales person for such a
feature.  They said I was the first to ask this feature, which I find
hard to believe.  I did put in the request, but I would love to hear
what other people are doing about protocols like Real Audio, if they are
permitted.

Thank you,
Kathleen

-
[To unsubscribe, send mail to majordomo@lists.gnac.net with
"unsubscribe firewalls" in the body of the message.]

[prev in list] [next in list] [prev in thread] [next in thread]