Barry J. Stiefel
2005-08-13, 13:50
FAST Mode is an option for TCP services to allow quicker inspection of packets in FireWall-1 4.1 and earlier. ACK packets for a service in FAST Mode are not checked against the state table because they are assumed to be part of an established session. SYN packets are still checked against the rulebase per normal, but successful connections are not logged in the state table. This is very similar to what a packet filter like a Cisco router does. It's fast, but not very secure.

FASTPATH is an option that exists in 2.1 and 3.x versions of FireWall-1 that enables the FAST Mode functionality for all TCP services.

Note that for any service in FAST Mode, you can't use any feature that requires FireWall-1 to examine each packet for that service. This includes Authentication, Encryption, and NAT.

Note that there is a mode in the IPSO OS called "fastpath" that has absolutely nothing to do with FASTPATH in FireWall-1.

-- PhoneBoy (http://www.phoneboy.com/bin/view.pl/Main/PhoneBoy) - 11 Jan 2004
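The difference between FAST Mode and normal stateful inspection, as an added toy model (not FireWall-1 code and not part of the original post): it shows what the state table check catches that FAST Mode lets through. The rulebase, addresses, ports and class names are constructed for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")

# Constructed rulebase: (source, destination, port) allowed to open a connection.
RULEBASE = {("10.0.0.5", "192.0.2.10", 80)}

def conn_key(p):
    # Direction-independent key so replies match the connection that was opened.
    return frozenset([(p.src, p.sport), (p.dst, p.dport)])

class Firewall:
    def __init__(self, fast_mode):
        self.fast_mode = fast_mode
        self.state_table = set()

    def inspect(self, p):
        if p.flags == "S":
            # SYN packets are checked against the rulebase in both modes.
            if (p.src, p.dst, p.dport) not in RULEBASE:
                return "drop"
            if not self.fast_mode:
                # Only stateful inspection records the accepted connection.
                self.state_table.add(conn_key(p))
            return "accept"
        if self.fast_mode:
            # FAST Mode: anything that is not a bare SYN is assumed established.
            return "accept"
        # Stateful inspection: must belong to a connection in the state table.
        return "accept" if conn_key(p) in self.state_table else "drop"

# Constructed traffic: a permitted handshake, then a host the rulebase does not allow.
TRAFFIC = [
    Packet("10.0.0.5", 40000, "192.0.2.10", 80, "S"),
    Packet("192.0.2.10", 80, "10.0.0.5", 40000, "SA"),
    Packet("10.0.0.5", 40000, "192.0.2.10", 80, "A"),
    Packet("203.0.113.7", 50000, "192.0.2.10", 80, "S"),  # denied by rulebase
    Packet("203.0.113.7", 50000, "192.0.2.10", 80, "A"),  # ACK with no prior session
]

def run(fast_mode):
    fw = Firewall(fast_mode)
    verdicts = [fw.inspect(p) for p in TRAFFIC]
    return verdicts, len(fw.state_table)

if __name__ == "__main__":
    for mode in (False, True):
        print("FAST Mode" if mode else "stateful", run(mode))
```

The empty state table in FAST Mode is also why Authentication, Encryption and NAT cannot be used for such a service: there is no per-connection record for them to attach to.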

