Re: Firewall best practices

[ArkanoiD <ark () eltex net>]

Well, maybe it's time to implement something like that in opensource?
Say, "smart redirector" for pf/iptables that diverts connection to specific
application proxy? I remember i was against the idea of transparent proxying
itself, and it is now proved i was wrong (and actually it was pretty obvious
back then as well that mobile users need transparent access as other ways
to keep configuration unified are too complicated for average administrator,
so it was just my blind spot). So, though i still doubt protocol heuristics
are good, there is definitely some demand.

Any sponsors or just technologies to steal? ;-)

On Mon, May 10, 2010 at 06:39:00PM -0700, david () lang hm wrote:
> someone mentioned elsewhere in this thread the Palo Alto boxes and their 
> application based ruleset.
>
> It looks like Macafee is going very much down the same route with the 
> Sidewinder firewalls with version 8 (announced last week, due to be 
> released in June)
>
> Since it's not out yet, it's impossible to do a complete comparison of 
> them, but it's worth keeping an eye on what happens.
>
> David Lang
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () listserv icsalabs com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
> email protected and scanned by AdvascanTM - keeping email useful - 
> www.advascan.com 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards