Firewall Wizards mailing list archives
Re: Corporate H/N IPS
From: Chris Boscolo <Chris.Boscolo () watchguard com>
Date: Mon, 16 Dec 2002 13:49:27 -0800
On 12/15/02 9:47 PM, "David Lang" <david.lang () digitalinsight com> wrote:
> I'm not sure I would buy that application proxy firewalls are inherently harder to run. Now, looking at what's currently on the market, I could believe that what's currently being sold as application proxy firewalls are slightly harder to run, but I think there are bigger reasons people don't run them
>
> 1. the two biggest application firewalls have been sold at least once in the last couple of years (Gauntlet and Raptor), leading to support problems during the transition (support problems that have gotten bad enough to drive away loyal customers)
[This borders on being a commercial, but I do have a point to make.]

WatchGuard has been selling firewalls with [transparent] application proxies since 1996. In terms of number of units, I think we surpass the two you mentioned combined. One difference between our firewall and the two you mentioned is that we have traditionally targeted companies with small or no IT staff and thus focused on ease-of-use. The point I am making is that I do not believe that application-proxy-based firewalls are necessarily more difficult to set up than SPF-based technologies. It really depends on what additional features in the application proxies you want to allow the user to configure. In some cases, like our DNS Proxy, it's a simple issue of which ICON you choose in the GUI.
> 2. the perception that they aren't 'fast enough' (people run raptor on windows and get > 200Mb throughput, how fast do you really need to be?)
I agree that this is a perception problem and not one of pure installation requirements for the throughput issue, but I'm not sure you can say the same thing about scalability. There are actually two issues with traditional application proxy technologies: speed and scalability. For most installations, I agree with you that the throughput is more than adequate to handle the internet pipe. But, I cannot say the same for scalability. Generally speaking, traditional application proxy firewalls cannot proxy as many sessions as a simple SPF firewall, given comparable hardware.
> 3. market share (after all if all the other companies are running SPF firewalls why should we buy anything else)
>
> 4. with a good application proxy firewall it's hard to say 'well, just let everything through for now and we'll tighten it up later'
Again, this also does not have to be true. With a Firewall that is a hybrid (one that does both SPF and application proxies), it is easy to deploy with this tactic. Plus, you have the flexibility to turn off the application proxy based technology if there is indeed a performance/scalability issue.
> David Lang
Getting back to the original thread, "what Marketing people are calling IPS is just a repackaging of application proxy Firewalls", there is no question that there are great similarities between the two. It should be noted that from a packet-flow perspective there is actually a big difference between application proxy-based firewalls and IPS that are based on NIDS systems that do TCP reassembly. Unfortunately, distinctions like this barely matter when written in glossy Marketing materials.

-chrisb