Those are the major differences: performance and administration. A
stateful inspection firewall (on similarly spec'd hardware) will always
beat an application proxy for raw speed. I don't know what the
percentages are specifically, but I am fairly confident they are
significant. It is in the technology they use to protect your network.
An application has to tear down and rebuild every packet going through it.
Stateful inspection maintains state information, and assesses each packet
against a policy.
>From an administrative perspective, I would prefer stateful inspection.
If you have custom apps or anything out of the ordinary, there may not be
a proxy to support that particular application. Opening ports is
easier to do.
Carric Dooley
COM2:Interactive Media
http://www.com2usa.com
On Wed, 19 May 1999, Peter wrote:
> Does anyone tell me the difference especially in performance &
> administration between Application gateway type (e.g. Gauntlet) & Stateful
> Inspection type (e.g. Firewall-1) ?
>
> Thanks in advance!
>
> Peter Fung
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
