Firewall Wizards mailing list archives
RE: Application Proxy/L7 Firewall Recommendation?
From: "Noonan, Wesley" <Wesley_Noonan () bmc com>
Date: Mon, 9 Sep 2002 21:59:14 -0500
inline Wes Noonan, MCSE/CCNA/CCDA/NNCSS Senior QA Rep. BMC Software, Inc. (713) 918-2412 wnoonan () bmc com http://www.bmc.com
-----Original Message----- From: kaptain [mailto:kaptain () kaptain com] Sent: Monday, September 09, 2002 14:47 To: firewall-wizards () honor icsalabs com Subject: RE: [fw-wiz] Application Proxy/L7 Firewall Recommendation? I'd recommend Network Appliance NetCache or Blue Coat (formerly Cacheflow) Secure Gateways. I'm not ISA bashing here...I'm sure it's plenty good for some people. Here are the major advantages I see with the aformentioned appliances. [1] These appliances have sophisticated policy engines and ACL capabilities. They can support all the major types of streaming media. They can do content filtering, throttle bandwidth, be prepopulated with content, display real time metrics, proxy DNS, virus scan, GSLB (with NetCache at least for distributed content access), central multi-box managment, etc.
I think ISA pretty much covers all of what you mentioned as well: Policy engines and ACLs - yes Streaming Media - yes Content filtering - yes, including SMTP content filtering among others. Prepopulated with content - not sure I follow what you mean Display real time metrics - would need to know the metrics in question, but I am pretty sure ISA does this as well. Proxy DNS - I am honestly not sure if it can proxy DNS or not. If it can't this is a shortcoming that should be fixed IMO. Virus Scan - yes GSLB - Dunno how well it performs here. I know that it does have some load balancing functions via ISA arrays, but haven't seen a contrast of performance (though the MS website proclaims that it trounced everyone else... I don't put much stock in that though) Central Multi-box management - yes Heck, this comes from the marketing slugs, but it seems like it has plenty of sophistication: http://www.microsoft.com/isaserver/evaluation/features/default.asp I guess the point I am trying to make is that folks might be surprised at what ISA can do, if they take a fair look at it[1].
[2] They both have proprietary OS's that aren't subject to exploits common to platforms that run Linux or Windows. These general purpose OS's require constant maintenance.
Very fair point.
Both platforms support SmartFilter, Websense and WebWasher. I believe the WebWasher product is off-box and the filtration happens via request modification as part of the ICAP protocol. Both platforms allow ACLs based on filter categories and users (and groups) along with authentication (NTLM, Radiu, LDAP, and user defined on box).
Websense runs on/with ISA as well. The other two (in addition to websense) may well be able to do the most of what the original poster was looking for. Plus, SmartFilter and WebWasher can be run off box (if I read everything correctly), which kind of goes to prove the point that security is becoming less and less about "the box" and more and more about "the process". Thanks for all of the feedback. You brought up some good points and contrasts. I think the original poster has plenty of stuff he can track down for a solution that will work for him. [1] Truth be told, I don't use it, I like PIXen for what I need to do 99% of the time... _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Application Proxy/L7 Firewall Recommendation?, (continued)
- Re: Application Proxy/L7 Firewall Recommendation? Carson Gaspar (Sep 06)
- Re: Application Proxy/L7 Firewall Recommendation? Balazs Scheidler (Sep 06)
- Re: Application Proxy/L7 Firewall Recommendation? Carson Gaspar (Sep 05)
- RE: Application Proxy/L7 Firewall Recommendation? Dawes, Rogan (ZA - Johannesburg) (Sep 05)
- RE: Application Proxy/L7 Firewall Recommendation? Noonan, Wesley (Sep 06)
- RE: Application Proxy/L7 Firewall Recommendation? ark (Sep 09)
- RE: Application Proxy/L7 Firewall Recommendation? Paul D. Robertson (Sep 09)
- Re: Application Proxy/L7 Firewall Recommendation? ark (Sep 09)
- RE: Application Proxy/L7 Firewall Recommendation? Paul D. Robertson (Sep 09)
- RE: Application Proxy/L7 Firewall Recommendation? Noonan, Wesley (Sep 09)
- RE: Application Proxy/L7 Firewall Recommendation? kaptain (Sep 09)
- RE: Application Proxy/L7 Firewall Recommendation? Noonan, Wesley (Sep 10)