RE: using raptor as a choke router

["Shivdasani, Meenoo" <Meenoo_Shivdasani () NAI com>]

> server is it wise to use something like Raptor to both act as 
> the internal
> choke router and proxy?  and if it aint .. like the books 
> say, why the hell
> do they sell such stuff which can do both?  I mean, if it is 
> a bad thing to
> combine both then why should I buy something which I wont 
> fully use ?  I am
> confuzzed !

It depends on the needs of your specific organization.  

Application proxies do provide better security, but your trade-off is that
you lose performance.  And in some cases, an application proxy may not be
able to transfer the traffic that you need to transfer.  Enter the packet
filtering option.

Packet filters do have their uses -- on at least one product that I'm
familiar with, you can use the packet filter to remove or create
transparency on firewall interfaces, pass protocols for which there aren't
proxies (GRE for example), and block unwanted packets from ever reaching
your firewall (like the network that I have blocked because of the
irritating traffic that they keep sending my direction).

YMMV,

M