RE: Reverse Proxy through FW-1

[Myles_Keough () corpsoft com]

Actually SSL is being used and all users have been assigned certificates.  I
recommended using VPN but last time they tried that there was such a degradation
in performance of the FW that they removed VPN on all except for 12 clients (the
12 are high speed connections, either DSL or Cable modems).  That's actually why
I was asking about the VPN-1 accelerator card.  Supposedly this handles all the
encryption and reduces processor utilization by 35%... that's what a "Sales
rep." told me anyway.  Checkpoint claims they support Proxy and MS claims Proxy
can effectively reverse proxy.  I'm trying to establish if I would be better off
using the VPN-1 client and the accelerator card, or keep trying to configure the
FW and Proxy using certificates and performing reverse proxy.






"Lee (Lockdown) Hughes" <lee () polestar co uk> on 09/10/99 10:07:44 AM
                                                              
                                                              
                                                              
 To:      Myles Keough/MA/CST, firewall-wizards () nfr net       
                                                              
 cc:                                                          
                                                              
                                                              
                                                              
 Subject: RE: Reverse Proxy through FW-1                      
                                                              






Ohh, that's a really bad Idea if your not using any kind of encrypted
tunnels,
I think a better solution is to use a firewall 1's VPN tunneling...
as netbios authentication (SMB-CHAP) is not really something you
should be opening you firewall up to!
Hope that helps,
Lee

> -----Original Message-----
> From:   Myles_Keough () corpsoft com [SMTP:Myles_Keough () corpsoft com]
> Sent:   Thursday, September 09, 1999 7:45 PM
> To:     firewall-wizards () nfr net
> Subject:     Reverse Proxy through FW-1
>
> Has anyone tried to setup a Proxy server behind a FW-1?  I'm try to have
> users
> log in with their NT accounts over the internet by doing the following;
> pass
> through the firewall to the Proxy server (in DMZ), reverse proxy back
> through
> the firewall to the intranet, then hit the IIS box.  The FW, Proxy, and
> IIS box
> are all setup to do this but for some reason it's not working.  Any
> idea's?
>
> Also, has anyone install a VPN-1 Accelerator Card?  How easy is it to
> install
> and configure and more importantly is the performance increase noticeable?