Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Content Screening (UFP with FW1?)

From: "Kalat, Andrew (ISS Atlanta)" <akalat () iss net>
Date: Wed, 4 Oct 2000 10:11:50 -0400 
I had experience with this kind of thing about a year or two ago, so it's a
few revs back, but...

One thing we found was that when the CVP server (ie, websense or whatnot)
crashed, it defaulted to fail-closed. So, no web traffic would pass. Now, a
few things have happened sense then. First, I'm told Checkpoint now allows
you to default to fail-open, so you just stop checking for valid content,
but allow the web traffic to pass if your websense box dies. Second, you can
now have multiple redundant websense boxes for checking, with priority
ordered in Checkpoint. 

Aside from all that, they work pretty well, as long as they know about the
web site. It's somewhat like virus scanning in that they are always trying
to keep up with new web sites. Oh, we did have a few occasions where their
nightly update was corrupted and killed the box, but I'm sure they've worked
that out by now.

---------------------------------------------------------
Andrew J. Kalat,                | Voice: (678)443-6000  
IT Infrastructure Manager       | Fax:   (678)443-6484
Internet Security Systems, Inc. | E-Mail: akalat () iss net
6600 Peachtree-Dunwoody Road    | http://www.iss.net/
300 Embassy Row, Suite 500      | PGP key available.
Atlanta, GA 30328               | 
Note: These comments are my own, yadda, yadda...

-----Original Message-----
From: Jeff Newton [mailto:Jeff_Newton () pmc-sierra com]
Sent: Tuesday, October 03, 2000 4:57 PM
To: firewall-wizards () nfr net
Subject: [fw-wiz] Content Screening (UFP with FW1?)



Anyone have experience/advice regarding content screening?  I'm
going to eval I-Gear, SurfWatch, and Websense for FW1.

Would love to hear from anyone that has walked this path before.

Thanks in advance.

----
Jeff Newton
Security Analyst
PMC-Sierra Inc.


_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: