Firewall Wizards mailing list archives

Re: NAI Gauntlet "Best of Show Award" The Real Deal


From: Frederick M Avolio <fred () avolio com>
Date: Wed, 11 Nov 1998 22:43:29 -0500

> If we agree that the basic "feature" being touted is something like: start a
> connection at the proxy layer and then send data packets through at the
> packet layer AND you agree that it's done primarily to increase throughput of
> the firewall - then I would agree with Andy that it is a re-work of the

Yes, but I do not agree that the only reason to do this is throughput, as
we discussed a bit in Tucson the other day. Also, I discussed it I think
somewhere in this thread. Sometimes it makes no sense to relay data
through a proxy. For example, data that you do not process nor does it make
any sense to process (audio streams come to mind).


> I know what the Raptor Firewall Fastpath (RFF) does, but I don't know if it
> does more or less than what Gauntlet Adaptive Proxy (GAP) does.  Based
> strictly on the whitepaper, I would judge it to be very similar to the RFF
> stuff and both being more than what CISCO PIX offers.  The Cut-through proxy
> appears to have the actual proxy go away and not have anything more to do
> with the connection, whereas GAP and RFF leave the proxy "running", but only
> for control, not data transfer.

Yes and I consider this considerably more.

> 2) "As a result, an adaptive proxy firewall is every bit as secure as a
> standard proxy firewall ...".  I would claim this is simply not true.  The
> real value of a standard proxy firewall is the fact that application data is
> checked for known attacks, not just that a logical separation of the
> networks has occurred by creating a new connection for every session.  For

Yes, but in the case where there is nothing to check (a video stream) or
where the customer picks speed over security under certain conditions, this
is more secure than the other methods mentioned by you.

> The above basically describes the Raptor implementation as well.  The CISCO
> implementation would simply have the proxy go away completely.  I cannot
> comment on the Secure Computing version of this capability.

I'd love to see a white paper on Raptor's implementation, even containing
some marketing-speak as the Gauntlet paper. :-) Even if it has all that you
say is missing in the Gauntlet paper.  If Raptor has all of this also this
is wonderful, very useful, a secure hybrid (as opposed to what some vendors
with mixed systems offer), and you should have tooted your horn about it
long ago. Also, NAI says they have applied for a patent, so make sure
you've got your lab books dated and signed. :-)

And -- since someone already asked -- no, I did not write the Gauntlet
white paper. I'd have gotten the historic part correct. :-)

Fred
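A toy model of the three designs compared in this message, as an added example that is not from the original thread or from any of the vendors named: the proxy layer authorizes every session, and the mode decides whether later data packets are relayed and inspected by the proxy, forwarded by the packet layer while the proxy keeps control of the session (GAP/RFF style), or forwarded after the proxy goes away (cut-through). BAD_PATTERN and the simplified 3-tuple flow key are constructed placeholders, not anything from a real product.

```python
from dataclasses import dataclass

# Constructed placeholder signature for the toy application-layer inspector.
BAD_PATTERN = b"ATTACK"


@dataclass(frozen=True)
class Packet:
    flow: tuple           # simplified flow key: (src, dst, dport)
    payload: bytes = b""
    setup: bool = False   # True for the packet that opens the session


class Firewall:
    """mode: 'proxy' (every packet relayed and inspected), 'adaptive'
    (GAP/RFF style: proxy authorizes, then data moves at the packet
    layer while the proxy keeps control) or 'cutthrough' (proxy exits)."""

    def __init__(self, mode, allowed_ports):
        self.mode, self.allowed_ports = mode, set(allowed_ports)
        self.fastpath = set()      # flows the packet layer forwards itself
        self.controlled = set()    # flows the proxy still owns

    def handle(self, pkt):
        if pkt.setup:              # session setup always goes to the proxy
            if pkt.flow[2] not in self.allowed_ports:
                return "drop"
            if self.mode != "cutthrough":
                self.controlled.add(pkt.flow)
            if self.mode != "proxy":
                self.fastpath.add(pkt.flow)
            return "accept"
        if pkt.flow in self.fastpath:    # packet layer: no payload inspection
            return "accept"
        if pkt.flow in self.controlled:  # proxy relay: payload is checked
            return "drop" if BAD_PATTERN in pkt.payload else "accept"
        return "drop"              # no authorized session for this flow

    def teardown(self, flow):
        """Proxy-side close. Works only while the proxy still owns the flow,
        which is what separates adaptive from cut-through."""
        if flow not in self.controlled:
            return False
        self.controlled.discard(flow)
        self.fastpath.discard(flow)
        return True
```

The point of the model is the trade-off both sides of the thread are arguing: once a flow is on the fast path, the data packets are no longer seen by the application-layer check, which costs nothing for a stream that has no check anyway but does matter for a protocol that has one.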