firewall-wizards digest, Vol 1 #1636 - 8 msgs

Send firewall-wizards mailing list submissions to
firewall-wizards@honor.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@honor.icsalabs.com

You can reach the person managing the list at
firewall-wizards-admin@honor.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."

Today's Topics:

1. Re: The Death Of A Firewall (Christine Kronberg)
2. RE: Intel vs. special purpose FW-1 servers (Paul Melson)
3. Re: RE: SSH brute force attack (Christine Kronberg)
4. Re: VOIP versus PBX (Marcus J. Ranum)
5. RE: Forwarding traffic to an active IDS/Firewall (Paul Melson)
6. Re: Forwarding traffic to an active IDS/Firewall (Dale W. Carder)
7. RE: Intel vs. special purpose FW-1 servers (Paul Melson)
8. RE: Intel vs. special purpose FW-1 servers (Sawyer, Christopher)

--__--__--

Message: 1
Date: Thu, 21 Jul 2005 16:54:08 +0200 (CEST)
From: Christine Kronberg <Christine_Kronberg@genua.de>
To: firewall-wizards@honor.icsalabs.com
Subject: Re: [fw-wiz] The Death Of A Firewall

On Mon, 18 Jul 2005, Martin Hoz wrote:
> On 7/9/05, James Paterson <jpaterson@datamirror.com> wrote:
>> http://www.securitypipeline.com/165700439
>>
>> Be interesting to get the communities take on this article.
>>
>
> I'd like to raise a couple of things:
> A) the article says " By defining simple ACLs, we further isolate our
> backend servers" - I ask, is not an ACL a firewall after all? - Packet
> filter, but I think it fits in the definition of a firewall.

I disagree. A firewall is far more than a simple packet filter.
There is whole concept to fulfil.

> So, this makes me thing the author still thinks that some form of
> firewall still has some use in the network, AFA I can tell
>
> B) "The servers and their respective applications sit in their own
> DMZ, protected by an Application-layer firewall". So, an application
> firewall still has some uses too...

Yes, definitely. :-)

> I find the article interesting but contradictory... because, if the
> firewall is dead, how come there are still good uses to it?

Perhaps because "a" firewall is not "the" firewall? I, too, think
that there are several points open for discussion. I like the idea
of thinking the internal clients as not safe and putting them on the
same stage as the external clients.
There was something said about that "secure OS" ... and then ADS was
mentioned. I wonder how that is supposed to work together. Also that
part about middleware. Most middleware implementations I'm aware of
are a nightmare for security.

Yet, that article gave room for thinking and rethinking.

Have fun,

Chris Kronberg.

--
GeNUA

--__--__--

Message: 2
From: "Paul Melson" <pmelson@gmail.com>
To: "'Emily Conrad'" <emilydconrad@hotmail.com>,
<firewall-wizards@honor.icsalabs.com>
Subject: RE: [fw-wiz] Intel vs. special purpose FW-1 servers
Date: Thu, 21 Jul 2005 11:04:12 -0400

IMHO, there's no longer any viable reason to buy new Nokia/IPSO appliances
to run Check Point. You can match or exceed scale and performance with
SecurePlatform on cheaper x86 server hardware. And now that clustering is
part of NG-AI, Nokia's got nothing on SecurePlatform.

Crossbeam boxes, which I have no hands-on experience with, have extremely
high port density. If that's helpful, for instance if you need 10 firewall
interfaces per 1U of rack space, then these may be your only option (short
of looking at Cisco chassis switches with FWSM blades).

Even then Check Point supports 802.1Q VLAN tagging and virtual interfaces,
so you can turn a single physical interface on a SecurePlatform box into a
dozen or more logical interfaces by connecting to a switch that supports
VLAN tagging.

Anyway, my advice is to assume that you will be running SecurePlatform on
some x86 server (see HCL:
http://www.checkpoint.com/products/supported_platforms/secureplatform.html)
and then only select a different product if your environment requires it.

PaulM

-----Original Message-----
Subject: [fw-wiz] Intel vs. special purpose FW-1 servers

Hello,

We are working on a project to upgrade our firewall infrastructure.

One of the questions is whether to use FW-1 on a standard Intel server or to
use a special-purpose optimized version of FW-1 on a dedicated hardware
platform such as Nokia firewall appliance or Crossbeam systems C30/X40.

Does anyone have any advice on what factors are important when making such a
decision?

--__--__--

Message: 3
Date: Thu, 21 Jul 2005 17:23:23 +0200 (CEST)
From: Christine Kronberg <Christine_Kronberg@genua.de>
To: firewall-wizards@honor.icsalabs.com
Subject: Re: [fw-wiz] RE: SSH brute force attack

On Tue, 19 Jul 2005, Mark Ness wrote:

> I have seen lots of views on this subject, and if your security is good, the
> chances of any of these
> attacks getting in are minimal, but the possibility is there, and, since
> these are not customers viewing
> our home pages, but deliberate attempts at a login through ssh where they
> have no business trying to l
> login in the first place (many of them attempts at root) they are only
> interested in breaking in for
> whatever purpose, who knows. Maybe just for the challenge? Maybe to hijack
> your box? Maybe ID theft?

To install any kind of irc tools (psybnc and energy mech are favourites),
rootkits, phishing- and spamware, DoS and scanning tools. At least that's
what the kiddies tried on my homebred honeypot. So in my opinion those who
try have a criminal intention.

Have fun,

Chris Kronberg.

--
GeNUA mbH

--__--__--

Message: 4
Date: Thu, 21 Jul 2005 11:25:53 -0400
To: "Yehuda Goldenberg" <Yehuda@nj.essutton.com>,
<firewall-wizards@honor.icsalabs.com>
From: "Marcus J. Ranum" <mjr@ranum.com>
Subject: Re: [fw-wiz] VOIP versus PBX

Yehuda Goldenberg wrote:
>What else do I have to worry about with VOIP?

We don't know much about the security of VOIP PBXes but since they were
largely developed by "phone guys" I'm comfortable assuming that there is little
or none. So you have the issue of accidental or deliberate denial-of-service
against desktop phones, but also the potential that the PBX can be attacked
over the in-band network that's used to manage it. Because you *KNOW*
that whoever manages the PBX will want to access it from their desktop
workstation not a workstation on a separate VLAN.

The protocols used for VOIP are "problematic" let us say. "Designed by
people who ignored security" might be a less tactful way to say it.
"Moronic" also comes to mind. That said, there appear to be so many of
them that it's hard to nail down whether you'll have a problem or not; it
depends on what you wind up using and where/how. The situation is
comparable to wireless - getting it all working in default mode is easy.
Getting it all working safely is hard and may be impossible.

Lastly, inevitably, someone will want to do VOIP with the outside world.
For cost saving reasons, or whatever (but really so they can talk to their
kid in college for "free") so there will be a move to let the VOIP through
your firewall. Then you will discover VOIP-spam. Of course the guys
who designed VOIP systems didn't take that into account, either.

Like every other "new widget technology" VOIP will eventually mature
just around the time that it's being replaced by some cool new new
widget technology that didn't take into account any lessons learned
from the last new widget technology. But there will be loads of vendors
with a $15,000 1-U rack-mount appliance that offers a complete solution
that fixes all those problems.

mjr.

--__--__--

Message: 5
From: "Paul Melson" <pmelson@gmail.com>
To: "'Vinicius Pavanelli Vianna'" <ds@hacked.com.br>,
<firewall-wizards@honor.icsalabs.com>
Subject: RE: [fw-wiz] Forwarding traffic to an active IDS/Firewall
Date: Thu, 21 Jul 2005 12:05:49 -0400

I'm not sure I have a clear understanding of what you're asking for, but in
effect, the 'fwd' command of ipfw does simple policy routing. Depending on
the model and OS version of your switch, policy routing should be possible.
See:
http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration
_guide_chapter09186a00801cdf81.html#1260543

PaulM

-----Original Message-----
Subject: [fw-wiz] Forwarding traffic to an active IDS/Firewall

Hi all,

Anyone knows how I can forward all traffic the came to a Cisco Catalyst
swith to an gateway to do some IDS/Firewall/Traffic Shape?
In ipfw (freebsd) this would be done by an "fwd" rule to forward all packets
to an forced gateway, this can be done in an cisco device or i need to
emulate all the valid IPs on the switch and use a VLAN with the servers so
the IDS receive the packets and forward to the internal VLAN, this would be
a little harmful ;)

--__--__--

Message: 6
Date: Thu, 21 Jul 2005 11:18:49 -0500
From: "Dale W. Carder" <dwcarder@doit.wisc.edu>
To: Vinicius Pavanelli Vianna <ds@hacked.com.br>
Cc: firewall-wizards@honor.icsalabs.com
Subject: Re: [fw-wiz] Forwarding traffic to an active IDS/Firewall

Thus spake Vinicius Pavanelli Vianna (ds@hacked.com.br) on Wed, Jul 13, 2005 at 06:39:35PM -0300:
> Anyone knows how I can forward all traffic the came to a Cisco Catalyst
> swith to an gateway to do some IDS/Firewall/Traffic Shape?

Use a policy route to force the next-hop. I think that's the
closest thing to what you want. However, given that traditional
switches are more or less agnostic to layer 3 information, you can't
do that unless you have a switch with a routing card, or actually
have a router.

If you're only looking for IDS stuff, most high end switches support
port mirroring.

So, a layer-2 solution could use vlans and have your IDS/Firewall/Traffic
Shape thingy route, bridge, or proxy-arp between them.

Or, use a PC or some other device that can make switching decisions
based on higher level stack information.

Dale

----------------------------------
Dale W. Carder - Network Engineer
University of Wisconsin at Madison
http://net.doit.wisc.edu/~dwcarder

--__--__--

Message: 7
From: "Paul Melson" <pmelson@gmail.com>
To: "'Keith A. Glass'" <salgak@speakeasy.net>,
"'Emily Conrad'" <emilydconrad@hotmail.com>,
<firewall-wizards@honor.icsalabs.com>
Subject: RE: [fw-wiz] Intel vs. special purpose FW-1 servers
Date: Thu, 21 Jul 2005 12:19:00 -0400

Starting with NG-AI, Check Point has its own clustering capability. And,
with some rare but painful exceptions, it works with a typical default
switch configuration. No need for Nokia, Nortel, or software-based HA.

For all intents and purposes SecurePlatform causes your x86 hardware to act
as an appliance. (It's just a stripped down RPM-based Linux distro, but
Nokia/IPSO is BSD, so...)

PaulM

-----Original Message-----
Subject: Re: [fw-wiz] Intel vs. special purpose FW-1 servers

2. Are you looking to CLUSTER FW-1 for HA or load balancing ? If so, you
will DEFINITELY need to look for an optimized appliance-based solution.
And, based on my experience, I'd suggest the Nortel "Alteon" systems for
FW-1: a pair of Alteon Directors and a pair of compatible Alteon
Accelerators give you a clustered solution that doesn't require you to play
any oddball Cisco tricks on your switches, allows you a NUMBER of
separated nets behind the firewall, and even multiple DMZs. I've used Nokia
IP-series before, as well as FW-1 on Solaris, and can't say enough about the
Alteon platform. . .

--__--__--

Message: 8
Subject: RE: [fw-wiz] Intel vs. special purpose FW-1 servers
Date: Thu, 21 Jul 2005 13:50:25 -0400
From: "Sawyer, Christopher" <Christopher.Sawyer@getronics.com>
To: "Paul Melson" <pmelson@gmail.com>,
"Emily Conrad" <emilydconrad@hotmail.com>,
<firewall-wizards@honor.icsalabs.com>

This is a multi-part message in MIME format.

------=_NextPart_000_001E_01C58DFB.253F2490
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit

I agree the SPLAT is awesome, but what about he costs of VPG or HVPG
licenses need to run clustering on the SPLAT boxes...

The cost to convert our existing and the maintence on these licenses exceed
most Nokia hardware prices which comes with VRRP for free.

-----Original Message-----
From: firewall-wizards-admin@honor.icsalabs.com
[mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Paul Melson
Sent: Thursday, July 21, 2005 11:04 AM
To: 'Emily Conrad'; firewall-wizards@honor.icsalabs.com
Subject: RE: [fw-wiz] Intel vs. special purpose FW-1 servers

IMHO, there's no longer any viable reason to buy new Nokia/IPSO appliances
to run Check Point. You can match or exceed scale and performance with
SecurePlatform on cheaper x86 server hardware. And now that clustering is
part of NG-AI, Nokia's got nothing on SecurePlatform.

Crossbeam boxes, which I have no hands-on experience with, have extremely
high port density. If that's helpful, for instance if you need 10 firewall
interfaces per 1U of rack space, then these may be your only option (short
of looking at Cisco chassis switches with FWSM blades).

Even then Check Point supports 802.1Q VLAN tagging and virtual interfaces,
so you can turn a single physical interface on a SecurePlatform box into a
dozen or more logical interfaces by connecting to a switch that supports
VLAN tagging.

Anyway, my advice is to assume that you will be running SecurePlatform on
some x86 server (see HCL:
http://www.checkpoint.com/products/supported_platforms/secureplatform.html)
and then only select a different product if your environment requires it.

PaulM

-----Original Message-----
Subject: [fw-wiz] Intel vs. special purpose FW-1 servers

Hello,

We are working on a project to upgrade our firewall infrastructure.

One of the questions is whether to use FW-1 on a standard Intel server or to
use a special-purpose optimized version of FW-1 on a dedicated hardware
platform such as Nokia firewall appliance or Crossbeam systems C30/X40.

Does anyone have any advice on what factors are important when making such a
decision?

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

------=_NextPart_000_001E_01C58DFB.253F2490
Content-Type: application/x-pkcs7-signature;
name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="smime.p7s"

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIXJzCCAmkw
ggHSoAMCAQICAw4dizANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh
d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVt
YWlsIElzc3VpbmcgQ0EwHhcNMDUwMjIzMTgzMjMxWhcNMDYwMjIzMTgzMjMxWjBSMR8wHQYDVQQD
ExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMS8wLQYJKoZIhvcNAQkBFiBDaHJpc3RvcGhlci5TYXd5
ZXJAR2V0cm9uaWNzLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3QHjrscmYO4CFBz3
+1ww3K7bw+9U6CFSPnSp2i/g2/WXljD8RruZf3/AhXlnfI7fx1qiH2x5dSfdpgzeZhUAyAz0OVjj
UV1qEmoDnZu/gKnTfU9wQsXjBcUOfaVfNynSe8j/NEhg7W6iv6XXiC2ISI5JL5oQidmVtXdHyJ3d
eacCAwEAAaM9MDswKwYDVR0RBCQwIoEgQ2hyaXN0b3BoZXIuU2F3eWVyQEdldHJvbmljcy5jb20w
DAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQCCDtIyY9HDA9LvXwJq+/B4p0YWI8afkPAl
To41LTu3Cxo9Q5HgLLmwEK+8DFwcmtfK7c/vYNMo2Mxw67LJt+mh2XqInbhELO/c+HtYPRh9klxK
OzAq6BtJ38sZWWAiz7cn8QZ6JYb15wNjogvzwpxv5SZezQBHaJ1c8n89xXfNLDCCAy0wggIVoAMC
AQICEGXWFT0ZxhK3SzQgtAGy6+4wDQYJKoZIhvcNAQEFBQAwKTEVMBMGCgmSJomT8ixkARkWBVVO
SVRZMRAwDgYDVQQDEwdQS0lST09UMB4XDTA1MDIxODIwMzM1OFoXDTIxMDIxODIwNDIyMlowKTEV
MBMGCgmSJomT8ixkARkWBVVOSVRZMRAwDgYDVQQDEwdQS0lST09UMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAqs/dUl3v6dT3hQ/y3wamodLfNNNFeCSuaQ0mZrwuwxTIQreKjhkQtkgW
/m8d/AJmInfSsgYa298ADH1L7hUxZ8gwfJm2x1MpHWZ6eicO7oLERVXZ4o/W9vR/qaHdej6oIgca
exf6wa1RuBb/gQDOCkUtJcxGDJj2NzrQh9q9FuiScjpRAQnpOny2pRXM+gKOuwGcEl/ZRHqXdSy0
M/ZyJcIBsqC6hG7VLnFpIYV+6sNtvsrd5kMYSt8Fi1B0jpb65onHQYx46kxzAZsh3rXzPlWlhdCW
Nr6q2tu7u/E7VtvGTksoNe2lRRhZ5gZ8FSg+rcM/JfkAQ73WOri0w08VvQIDAQABo1EwTzALBgNV
HQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUj6UGnzXaixnzXJnvxjDUnaEubpMw
EAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBAE75KkawH2l6MrhGMPdJ8GG1FxaP
OLt71XtthJsdUbRr27BGaz9LftRnYKqLf5TRZcQVSDZ0RaAmjWmBjGYu89vU9CaY7bTaLsWS14eo
BFXuRvyqLvGH1ck/ate3j5KfNjyStAH3dUHyk/JCT2m4WJgD4OwVc4L4yOZfX2o085/e7Y4PjM4R
rjOWOFWFVnrPom+vBa/BewwwCGgc0O9j6bKnSFyR2jqRG6JlA/F+GiTbnkVORfEofh2HLN47JZeY
NC9G/hmQH6erDuZblQOnGMspmCehODsjtZLTM0KvaCVaZy4hEe3XM5u1Rm49oqC9jhA2lw+LWOxM
VquT1+cxoVowggMtMIIClqADAgECAgEAMA0GCSqGSIb3DQEBBAUAMIHRMQswCQYDVQQGEwJaQTEV
MBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0
ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQw
IgYDVQQDExtUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEWHHBlcnNv
bmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20wHhcNOTYwMTAxMDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCB
0TELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3du
MRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2
aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIENBMSswKQYJ
KoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQDUadfUsJRkW3HpR9gMUbbqcpGwhF59LQ2PexLfhSV1KHQ6QixjJ5+Ve0vvfhmH
HYbqo925zpZkGsIUbkSsfOaP6E0PcR9AOKYAo4d49vmUhl6t6sBeduvZFKNdbnp8DKVLVX8GGSl/
npom1Wq7OCQIapjHsdqjmJH9edvlWsQcuQIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
SIb3DQEBBAUAA4GBAMfskn5O+PWWpWdiKqTwTRFg0G+NYFhhrCa7UjVcCM8w+6hKloofYkIjjBcP
9LpknBesRynfnZhe0mxgcVyirNx54+duAEcftQ0o6AKd5Jr9E/Sm2Xyx+NxfIyYJkYBz0BQb3kOp
gyXy5pwvFcr+pquKB3WLDN1RhGvk+NHOd6KBMIIDPzCCAqigAwIBAgIBDTANBgkqhkiG9w0BAQUF
ADCB0TELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBU
b3duMRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
ZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIENBMSsw
KQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUuY29tMB4XDTAzMDcxNzAwMDAw
MFoXDTEzMDcxNjIzNTk1OVowYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0
aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5n
IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEpjxVc1X7TrnKmVoeaMB1BHCd3+n/ox7s
vc31W/Iadr1/DDph8r9RzgHU5VAKMNcCY1osiRVwjt3J8CuFWqo/cVbLrzwLB+fxH5E2JCoTzyvV
84J3PQO+K/67GD4Hv0CAAmTXp6a7n2XRxSpUhQ9IBH+nttE8YQRAHmQZcmC3+wIDAQABo4GUMIGR
MBIGA1UdEwEB/wQIMAYBAf8CAQAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC50aGF3dGUu
Y29tL1RoYXd0ZVBlcnNvbmFsRnJlZW1haWxDQS5jcmwwCwYDVR0PBAQDAgEGMCkGA1UdEQQiMCCk
HjAcMRowGAYDVQQDExFQcml2YXRlTGFiZWwyLTEzODANBgkqhkiG9w0BAQUFAAOBgQBIjNFQg+oL
LswNo2asZw9/r6y+whehQ5aUnX9MIbj4Nh+qLZ82L8D0HFAgk3A8/a3hYWLD2ToZfoSxmRsAxRoL
gnSeJVCUYsfbJ3FXJY3dqZw5jowgT2Vfldr394fWxghOrvbqNOUQGls1TXfjViF4gtwhGTXeJLHT
HUb/XV9lTzCCBT4wggQmoAMCAQICCjM/5wEAAAAAAAIwDQYJKoZIhvcNAQEFBQAwKTEVMBMGCgmS
JomT8ixkARkWBVVOSVRZMRAwDgYDVQQDEwdQS0lST09UMB4XDTA1MDIyODE4MjMzOFoXDTEzMDIy
ODE4MzMzOFowKDEVMBMGCgmSJomT8ixkARkWBXVuaXR5MQ8wDQYDVQQDEwZQS0lTU0wwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2DPwx3ZLGLnRUw/6TNeYjS/YMoOLv0S1MEeQrWTNZ
VuxHXDebb66Co2k+bt7P6CFIZiC38QaMj7kHmg7mtQArFYgODPWf8qOMrLgN/MtonIYy/xNZkm9W
Msbkc/w4O1FYI/pc6LsnhXT3Zg62Gts35jcrgNu1nDnACNlDBHRV2QHvOWAVCesXwukj87uVmoTz
mrHhHIhVge2vVVWVuOnulkMmdnwfF4U6FqfuTMDSpA+AQ7zq9rzoSBaQ/IhxSafY/5IsgH2n4Lrq
/mWDGqoNOZ99QPsQZgVx/4zXnxbyz3O/XRE6W1kSZ5JPabeVZlDnkndFhKEq9wPez0ODEM4DAgMB
AAGjggJnMIICYzAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRnCa3scGLvNMzFfKzViDqM8CG+
ODALBgNVHQ8EBAMCAcYwEAYJKwYBBAGCNxUBBAMCAQAwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBD
AEEwHwYDVR0jBBgwFoAUj6UGnzXaixnzXJnvxjDUnaEubpMwgeUGA1UdHwSB3TCB2jCB16CB1KCB
0YYnaHR0cDovL3BraS5nZXRyYW5ldC5jb20vcGtpL1BLSVJPT1QuY3JshoGlbGRhcDovLy9DTj1Q
S0lST09ULENOPXBraXJvb3QsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNl
cnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9dW5pdHk/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlz
dD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MIHtBggrBgEFBQcBAQSB4DCB
3TA7BggrBgEFBQcwAoYvaHR0cDovL3BraS5nZXRyYW5ldC5jb20vcGtpL3BraXJvb3RfUEtJUk9P
VC5jcnQwgZ0GCCsGAQUFBzAChoGQbGRhcDovLy9DTj1QS0lST09ULENOPUFJQSxDTj1QdWJsaWMl
MjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPXVuaXR5P2NB
Q2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MA0GCSqG
SIb3DQEBBQUAA4IBAQBqOBtg09sgIxl2IEA3T99L7cdLWwv6+EgJ4cVUmi+M+PLAWZPARpFbdED0
F9ltxA4N6YoNbm80kQdQUEwiJX9w4dt2Y0k9wmDcKs+CHOGG6vffq0Ss4Gr4wg+ONCOxvw940JJu
faLWJ3HgcLCTvWRBh81C8h0kbAmL8uBQttMGuAOVEqfwlCUNHvsmiZyeIy9KtqWVDxJ3IeNBS7qy
AfaVYQsL5pfOeVSmkAl/ckPOl/AZW5ZdbngwAA4I3TwvwLc/7EkP/3ahXwbr7GPyVrHweA0xv+Hx
Yjq+L/xba8OceIJdBO8NW4KMCJgP4qOybfkzuqyhYXHJWYqex6jsaRLFMIIFzzCCBLegAwIBAgIK
YHDliwAAAAAArTANBgkqhkiG9w0BAQUFADAoMRUwEwYKCZImiZPyLGQBGRYFdW5pdHkxDzANBgNV
BAMTBlBLSVNTTDAeFw0wNTA2MDkxMjIyMjJaFw0wNjA2MDkxMjIyMjJaMIGgMRUwEwYKCZImiZPy
LGQBGRYFdW5pdHkxGDAWBgoJkiaJk/IsZAEZFghhbWVyaWNhczEMMAoGA1UECxMDR0lTMRAwDgYD
VQQLEwdUZXN0IE9VMRwwGgYDVQQDExNTYXd5ZXIsIENocmlzdG9waGVyMS8wLQYJKoZIhvcNAQkB
FiBDaHJpc3RvcGhlci5TYXd5ZXJAZ2V0cm9uaWNzLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
gYkCgYEAuuLUeEIg93wGaPxw0P+mOXopMDFRlG4gOEldQiTCQ18ZpxksYMTDaqBOADtMvBXAChcg
9doa7x0ZDduXIl1P6rNl5nXFvKVDh6i044eJ5M2VJFjjH17kbCMu7qOpZK32WAMVrDEV0TY/Qg4R
XrbVxsM3EHUFNsLtYGxFqmQLakECAwEAAaOCAwQwggMAMAsGA1UdDwQEAwIFoDA2BgkqhkiG9w0B
CQ8EKTAnMA0GCCqGSIb3DQMCAgE4MA0GCCqGSIb3DQMEAgE4MAcGBSsOAwIHMB0GA1UdDgQWBBRc
2ElhovwS9UgPFir79ICdyId5gzAXBgkrBgEEAYI3FAIECh4IAFUAcwBlAHIwHwYDVR0jBBgwFoAU
Zwmt7HBi7zTMxXys1Yg6jPAhvjgwgeIGA1UdHwSB2jCB1zCB1KCB0aCBzoaBo2xkYXA6Ly8vQ049
UEtJU1NMLENOPXBraXNzbCxDTj1DRFAsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2Vy
dmljZXMsQ049Q29uZmlndXJhdGlvbixEQz11bml0eT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0
P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGJmh0dHA6Ly9wa2kuZ2V0cmFu
ZXQuY29tL3BraS9QS0lTU0wuY3JsMIHwBggrBgEFBQcBAQSB4zCB4DCBnAYIKwYBBQUHMAKGgY9s
ZGFwOi8vL0NOPVBLSVNTTCxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2Vy
dmljZXMsQ049Q29uZmlndXJhdGlvbixEQz11bml0eT9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0
Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhvcml0eTA/BggrBgEFBQcwAoYzaHR0cDovL3BraS5nZXRy
YW5ldC5jb20vcGtpL3BraXNzbC51bml0eV9QS0lTU0wuY3J0MCkGA1UdJQQiMCAGCisGAQQBgjcK
AwQGCCsGAQUFBwMEBggrBgEFBQcDAjBdBgNVHREEVjBUoDAGCisGAQQBgjcUAgOgIgwgQ2hyaXN0
b3BoZXIuU2F3eWVyQGdldHJvbmljcy5jb22BIENocmlzdG9waGVyLlNhd3llckBnZXRyb25pY3Mu
Y29tMA0GCSqGSIb3DQEBBQUAA4IBAQCJS1ivb6YtLdChsBUgE4DFrilqUIZ0zBXphcc/OFedF8KC
YsU6A1ljWTvd3yvCzlN1xfz0czY4l6inR++ejp83bBR5epalfkUv57f7Hmu665pe9OGKcCRpc0Ly
992+DzZ5PY81nsyNLhOLJWHSyfPjt4lRucNyYJg17cS6pmwe4GYHWtXlg/rv2lkA2c9HsWwjYQks
w32AiEH4gHsrLv5ojAOJRL3xmhV4VLFHDy9yhxN85BlmdmrVSDVSBKakwvJblUNH4YD32Sa7asJn
g1bMPtGV987hinigTUPfiFwIxo04QISQjYcDHkGBK4GoJyxFta4Zt8VYE0GmWKDZafeBMYICaTCC
AmUCAQEwaTBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg
THRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECAw4dizAJ
BgUrDgMCGgUAoIIBVjAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0w
NTA3MjExNzUwMjVaMCMGCSqGSIb3DQEJBDEWBBQeHeeKfzV+kAdWBA21crIDxwLF8jBFBgkrBgEE
AYI3EAQxODA2MCgxFTATBgoJkiaJk/IsZAEZFgV1bml0eTEPMA0GA1UEAxMGUEtJU1NMAgpgcOWL
AAAAAACtMEcGCyqGSIb3DQEJEAILMTigNjAoMRUwEwYKCZImiZPyLGQBGRYFdW5pdHkxDzANBgNV
BAMTBlBLSVNTTAIKYHDliwAAAAAArTBnBgkqhkiG9w0BCQ8xWjBYMAoGCCqGSIb3DQMHMA4GCCqG
SIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDAHBgUrDgMC
GjAKBggqhkiG9w0CBTANBgkqhkiG9w0BAQEFAASBgJUD2Wt2TI0NnK/lEr43n4bnAmt2Emw3o5+B
rpYq12MSJNSeLtlJcDrEFLIurIlRB0vaYrQmgWksIxymrPsyz9OATBWq0XPU/ozaVTRFyeUq+P51
ETyOqoi6UrlWPlgnBJyp7qV7d4Mg2ENfy/4GLflv7BaOG/CLGzjgse443NVWAAAAAAAA

------=_NextPart_000_001E_01C58DFB.253F2490--

--__--__--

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

End of firewall-wizards Digest