Firewall Wizards mailing list archives
Re: Microsoft proxy as a FW
From: Carric Dooley <carric () com2usa com>
Date: Mon, 14 Jun 1999 11:19:47 -0400 (EDT)
Jeez... the whitepapers should be just about enough. The ONLY time I would use MS Proxy is either for someone wanting to be able to proxy all their clients through their cable modem at home and the lack knowledge with Linux, or if is a small client (50 users or less) that again has not linux knowledge. Although it is not a great solution from a scalability perspective (in fact, the word that comes to mind is "crap") it is arguabley secure. I would check the ntsecurity newsgroup for the positive picture of MS Proxy. To get other views, check out networkcomputing.com (and I believe data.com just did a review of some firewalls, but MS Proxy did not make the list of FW's to test). In my own presonal experience with MS Proxy (I was using it at home for a while <hey, I was evaluating it!>) I found it less than dependable. Also, in a mixed OS environment, particularly with Unix as a desktop OS, it bites. To do anything other than Web, you have to install the Microsoft Proxy client, and guess which platforms that is written for (hint: Neither Linux nor Solaris makes the list). I found myself troubleshooting why the hell it quit working about once a week (which was usuall IIS, or maybe the proxy service itself.. it depended). I had trouble trying to get it to work with IIS4 and eventually downgraded to IIS3 so I could manage the MS Proxy piece. My Unix clients could do very little (I started tinkering with "socksified" clients for SOCKSv4, but eventually just decided I would opt for something that could give me what I want without having to install special clients or other crap). Microsoft recommends a proxy server for every 2000 desktops, but this is the same company that said Windows 95 could run an a 386 with 4 MB RAM (tip: It will run but you have to install Win95 with 8MB onboard, then take the additional 4 MB back). While researching web proxy solutions, I think the number I was given by several who were working with MS Proxy was around 300 users on a single box before one started to have serious problems. Interesint, no? I have also recently contacted Microsoft directly concerning the limitations of Proxy server (I am currently contracting for a large company that has a hefty contract with them) and they have yet to respond. Carric Dooley COM2:Interactive Media http://www.com2usa.com On Thu, 10 Jun 1999, Matt Doughty wrote:
Ok guys... I know that using M$ Proxy as a FW is stupid... Unfortunately, a few people in management don't....... I need to document what using M$ proxy as a firewall isn't a good idea. Please anyone who can point me towards good documentation on this I would appreciate it. //Matt
Current thread:
- Microsoft proxy as a FW Matt Doughty (Jun 14)
- Re: Microsoft proxy as a FW Carric Dooley (Jun 15)
- <Possible follow-ups>
- Re: Microsoft proxy as a FW Rodney van den Oever (Jun 16)