Firewall Wizards mailing list archives
RE: Reverse Proxy through FW-1
From: Myles_Keough () corpsoft com
Date: Fri, 10 Sep 1999 14:51:47 -0400
Actually SSL is being used and all users have been assigned certificates. I recommended using VPN but last time they tried that there was such a degradation in performance of the FW that they removed VPN on all except for 12 clients (the 12 are high speed connections, either DSL or Cable modems). That's actually why I was asking about the VPN-1 accelerator card. Supposedly this handles all the encryption and reduces processor utilization by 35%... that's what a "Sales rep." told me anyway. Checkpoint claims they support Proxy and MS claims Proxy can effectively reverse proxy. I'm trying to establish if I would be better off using the VPN-1 client and the accelerator card, or keep trying to configure the FW and Proxy using certificates and performing reverse proxy. "Lee (Lockdown) Hughes" <lee () polestar co uk> on 09/10/99 10:07:44 AM To: Myles Keough/MA/CST, firewall-wizards () nfr net cc: Subject: RE: Reverse Proxy through FW-1 Ohh, that's a really bad Idea if your not using any kind of encrypted tunnels, I think a better solution is to use a firewall 1's VPN tunneling... as netbios authentication (SMB-CHAP) is not really something you should be opening you firewall up to! Hope that helps, Lee
-----Original Message----- From: Myles_Keough () corpsoft com [SMTP:Myles_Keough () corpsoft com] Sent: Thursday, September 09, 1999 7:45 PM To: firewall-wizards () nfr net Subject: Reverse Proxy through FW-1 Has anyone tried to setup a Proxy server behind a FW-1? I'm try to have users log in with their NT accounts over the internet by doing the following; pass through the firewall to the Proxy server (in DMZ), reverse proxy back through the firewall to the intranet, then hit the IIS box. The FW, Proxy, and IIS box are all setup to do this but for some reason it's not working. Any idea's? Also, has anyone install a VPN-1 Accelerator Card? How easy is it to install and configure and more importantly is the performance increase noticeable?
Current thread:
- Reverse Proxy through FW-1 Myles_Keough (Sep 09)
- <Possible follow-ups>
- RE: Reverse Proxy through FW-1 Lee (Lockdown) Hughes (Sep 10)
- RE: Reverse Proxy through FW-1 Myles_Keough (Sep 10)