Security Basics mailing list archives

Re: Application Firewall


From: "ॐ aditya mukadam ॐ" <aditya.mukadam () gmail com>
Date: Tue, 22 Jul 2008 08:45:17 +0530

The definition of a firewall would change depending on which layer of
TCP/IP you are at. I agree BlueCoat is an application proxy, as its
name suggests: 'BlueCoat Proxy'! You can do quite a lot of things with it
and also configure rules based on the source IPs, destination IPs,
services, etc. You can even integrate this with Websense. It is quite a
powerful device. (Disclaimer: These are my personal views based on my
experience and I do not intend to market this product through this
mailing list :-) )

Thanks,
Aditya Govind Mukadam



On Fri, Jul 18, 2008 at 8:50 PM, Bryan S. Sampsel
<bsampsel () libertyactivist org> wrote:
Actually, that's not quite true.  The BlueCoat is a specialized device
that protects one thing.  However, I would not deploy it in the open on
its own, as I would a Borderware or Sidewinder firewall.

It's an application proxy, but it is not a full firewall in and of itself.

A Sidewinder, even before they added packet filter capabilities, does
qualify as a firewall.  As did the old Raptor and Gauntlet firewalls.

The Cisco ASA is a stateful packet inspection firewall, but does not
protect the upper areas of the OSI model.  Nor does it present a hardened
IP stack between two ends of a protected connection.  It filters the
connection, but when a connection is allowed, it is directly connected to
the end point.

Whereas, with the Sidewinder Firewall, if an FTP proxy is sitting between
the client and server, the client connects to the proxy and hardened IP
stack of the Sidewinder.  The Sidewinder's proxy, which does have some
additional protections/limitations that can be configured, then initiates
the connection to the server on behalf of the client.  Even when using a
"generic" proxy, at the very minimum, the client is protected by the
hardened IP stack of the Sidewinder.

While a straight packet filter firewall has its place, it does not protect
to the same extent.


ॐ aditya mukadam ॐ wrote:
Application-level firewalls are actually not firewalls but can be
called intelligent proxies. Cisco ASA is a stateful firewall.

I know of the BlueCoat proxy, which would be categorized as an
application-level firewall.
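
The proxy behaviour described in the quoted message (the client connects to the proxy, which then opens its own connection to the server) can be reproduced on loopback. This is an added example, not code from the thread or from any product named in it; the FTP-style control channel is simplified, and the command allowlist, the 512-byte line limit and all function names are assumptions.

```python
import socket
import threading

ALLOWED = {b"USER", b"PASS", b"LIST", b"RETR", b"QUIT"}  # assumed policy

def backend(srv, seen):
    """Constructed stand-in for the protected server: logs each peer and line."""
    conn, peer = srv.accept()
    with conn, conn.makefile("rwb") as f:
        for line in f:
            seen.append((peer, line.strip()))
            f.write(b"200 ok\r\n")
            f.flush()

def proxy(lsn, backend_addr, src):
    """Terminate the client's connection, then open a separate one to the server."""
    cli, _ = lsn.accept()
    up = socket.create_connection(backend_addr)
    src.append(up.getsockname())  # source address the server will see
    with cli, up, cli.makefile("rwb") as cf, up.makefile("rwb") as uf:
        for line in cf:
            verb = line.split(b" ", 1)[0].strip().upper()
            if verb not in ALLOWED or len(line) > 512:
                cf.write(b"500 rejected by proxy\r\n")  # never forwarded
            else:
                uf.write(line.strip() + b"\r\n")
                uf.flush()
                cf.write(uf.readline())  # relay the server's reply
            cf.flush()

def demo():
    seen, src = [], []
    srv = socket.create_server(("127.0.0.1", 0))
    lsn = socket.create_server(("127.0.0.1", 0))
    workers = [threading.Thread(target=backend, args=(srv, seen)),
               threading.Thread(target=proxy, args=(lsn, srv.getsockname(), src))]
    for w in workers:
        w.start()
    replies = []
    with socket.create_connection(lsn.getsockname()) as c, c.makefile("rwb") as f:
        for cmd in (b"USER anonymous", b"SITE CHMOD 777 f", b"LIST"):  # constructed input
            f.write(cmd + b"\r\n")
            f.flush()
            replies.append(f.readline().strip())
    for w in workers:
        w.join()
    srv.close()
    lsn.close()
    return replies, seen, src[0]
```

Calling `demo()` returns the client's replies, the lines the server actually received, and the proxy's own source address, which is the only peer the server ever sees.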




