Re: Microsoft proxy as a FW

[Carric Dooley <carric () com2usa com>]

Jeez... the whitepapers should be just about enough.  The ONLY time I
would use MS Proxy is either for someone wanting to be able to proxy all
their clients through their cable modem at home and the lack knowledge
with Linux, or if is a small client (50 users or less) that again has not
linux knowledge.  Although it is not a great solution from a scalability
perspective (in fact, the word that comes to mind is "crap") it is
arguabley secure.  I would check the ntsecurity newsgroup for the positive
picture of MS Proxy.  To get other views, check out networkcomputing.com
(and I believe data.com just did a review of some firewalls, but MS Proxy
did not make the list of FW's to test).

In my own presonal experience with MS Proxy (I was using it at home for a
while <hey, I was evaluating it!>) I found it less than dependable.  Also,
in a mixed OS environment, particularly with Unix as a desktop OS, it
bites.  To do anything other than Web, you have to install the Microsoft
Proxy client, and guess which platforms that is written for (hint: Neither
Linux nor Solaris  makes the list).  I found myself troubleshooting why
the hell it quit working about once a week (which was usuall IIS, or maybe
the proxy service itself.. it depended).  I had trouble trying to get it
to work with IIS4 and eventually downgraded to IIS3 so I could manage the
MS Proxy piece.  My Unix clients could do very little (I started tinkering
with "socksified" clients for SOCKSv4, but eventually just decided I would
opt for something that could give me what I want without having to install
special clients or other crap).

Microsoft recommends a proxy server for every 2000 desktops, but this is
the same company that said Windows 95 could run an a 386 with 4 MB RAM
(tip:  It will run but you have to install Win95 with 8MB onboard,
then take the additional 4 MB back).  While researching web proxy
solutions, I think the number I was given by several who were working with
MS Proxy was around 300 users on a single box before one started to have
serious problems.  Interesint, no?  I have also recently contacted
Microsoft directly concerning the limitations of Proxy server (I am
currently contracting for a large company that has a hefty contract with
them) and they have yet to respond.

Carric Dooley
COM2:Interactive Media
http://www.com2usa.com

On Thu, 10 Jun 1999, Matt Doughty wrote:

> Ok guys... I know that using M$ Proxy as a FW is stupid...
> Unfortunately, a few people in management don't.......
> I need to document what using M$ proxy as a firewall 
> isn't a good idea. Please anyone who can point me towards
> good documentation on this I would appreciate it.
>
> //Matt