Thursday, February 02, 2006

Q: Whats all the brouhaha about turning off ifwd on the Nokias?

A:
ifwd is a daemon that runs on the IPSO platforms. "fwd monitors interface changes and resets firewall processes if an interface changes state"; more info at resolution 20521: ifwd is generally recommended to be disabled in NG AI. In Check Point VPN-1/FireWall-1 NG AI, Nokia recommends turning off this daemon (follow above link to see the entire suggestion.) Resolution 1280 talks further about the use of ifwd. It states that ifwd should be started before adding or changing interfaces, and then stopped after the changes are made. To start or stop ifwd, log into Voyager, and look for Config/Security/Checkpoint. There's a radio button to start and stop ifwd in there.