Firewall Wizards mailing list archives
RE: Dialog on Microsoft's Proxy server?
From: "Peter Hunt" <peter.hunt2 () virgin net>
Date: Fri, 12 Mar 1999 10:49:29 -0500
Thanks Rob, and yep I had missed your review. As for the routing deficiences, here is a quick summary of our experience: We had intended to use MSP for Intranet authentication & caching benefits (security dictate on Proxy Intranet). Intranet testing looked good until we configured the browsers for Internet-Proxy+Intranet-Proxy, when all Intranet HTTP was forwarded upstream to our IBM managed firewall/proxy. MS response (Europe) concluded two separate MSP architectures are currently required to Proxy both Intranet & Internet. This is apparently due to MSP routing design, which is apparently being changed and they have promised a fix that we expect to receive soon. I guess this means only the Proxy routing config option of 'direct-connect' actually enables any routing decisions. Pete
-----Original Message----- From: Robert Graham [mailto:robert_david_graham () yahoo com] Sent: Thursday, March 11, 1999 1:17 PM To: Peter Hunt; Don Tuer; owner-firewall-wizards () nfr net Subject: RE: Dialog on Microsoft's Proxy server? Did you miss my review of my personal experiences at http://www.nfr.net/firewall-wizards/mail-archive/1999/Feb/0175.html Few people seemed willing to comment on that. What routing deficiencies did you have? My impression is that IP forwarding is extraordinarily dangerous on MS Proxy, especially since WinNT is defenseless against source routing attacks. Rob. ---Peter Hunt <peter.hunt2 () virgin net> wrote:It's not just Don, I am also interested. We just deployed MSP downstream to IBM firwall/proxy and found MSProutingdefeciences (we are awaiting a custom MS hotfix!) Pete-----Original Message----- From: owner-firewall-wizards () nfr net [mailto:owner-firewall-wizards () nfr net]On Behalf Of Don Tuer Sent: Wednesday, March 10, 1999 12:08 AM To: owner-firewall-wizards () nfr net Subject: Dialog on Microsoft's Proxy server? Hello: I'm wondering if anyone on this list would like to dialog onMicrosoft'sProxy server 2 or know of another list on the topic. Thanks Don Tuer_________________________________________________________ DO YOU YAHOO!? Get your free @yahoo.com address at http://mail.yahoo.com
Current thread:
- RE: Dialog on Microsoft's Proxy server? Russ (Mar 12)
- <Possible follow-ups>
- RE: Dialog on Microsoft's Proxy server? jboles (Mar 12)
- RE: Dialog on Microsoft's Proxy server? Robert Graham (Mar 12)
- RE: Dialog on Microsoft's Proxy server? Peter Hunt (Mar 12)