How Secure is communication between the modules?

[BarryStiefel]

How Secure is communication between the modules?



In the NG release of FireWall-1, SSL with certificates is used between all components, including the management GUIs.

In earlier releases, it is as follows:

• Prior to 4.1 SP2: fwa1 (supposedly 192bit) between modules if encryption license is present, otherwise authenticated with S/Key
• 4.1 SP2 and future versions of 4.1: fwa1 (192bit)

Note that I do not recommend using your VPN rules to allow management traffic between the firewall and management console. You could very easily get yourself into a bind where the VPN breaks and have a hell of a time getting things working again because your security policy only permits policy loads through the VPN rules.

-- GuyR - 09 Jan 2004

FAQForm FAQs.Class: RemoteManagementFAQs FAQs.OS: FAQs.Version:

[numpty]

Does this mean SSL runs over the top off all management TCP/UDP ports? Is every communication, including fetching logs, syncing to secondary MM, SNMP etc, etc. There is a long list of ports at the following URL.

http://www.fw-1.de/aerasec/ng/ports-ng.html

When you say SSL between all components including GUI does the encryption differ? SSLCa v SSLCA ASYM? What are the differences between the SSLCa and SSLCA ASYM? Is it perhaps Symmetric 168 DES V Assym 1024?

Do you know of a decent paper on this subject?

Thanks