That is a religious argument my friend. Personally I would say an
application proxy is more secure, but harder to manage and slower. I bet
this will spark off some sort of debate however.
Carric Dooley
COM2:Interactive Media
http://www.com2usa.com
On Wed, 19 May 1999, Dick Kline wrote:
> Carric Dooley wrote:
> >
> > Those are the major differences: performance and administration. A
> > stateful inspection firewall (on similarly spec'd hardware) will always
> > beat an application proxy for raw speed. I don't know what the
> > percentages are specifically, but I am fairly confident they are
> > significant. It is in the technology they use to protect your network.
> > An application has to tear down and rebuild every packet going through it.
> > Stateful inspection maintains state information, and assesses each packet
> > against a policy.
> >
> > >From an administrative perspective, I would prefer stateful inspection.
> > If you have custom apps or anything out of the ordinary, there may not be
> > a proxy to support that particular application. Opening ports is
> > easier to do.
> >
> > Carric Dooley
> > COM2:Interactive Media
> > http://www.com2usa.com
> >
> > On Wed, 19 May 1999, Peter wrote:
> >
> > > Does anyone tell me the difference especially in performance &
> > > administration between Application gateway type (e.g. Gauntlet) & Stateful
> > > Inspection type (e.g. Firewall-1) ?
> > >
> > > Thanks in advance!
> > >
> > > Peter Fung
> > >
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> > >
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> What about security? Isn't that the real purpose of the firewall? How
> do the two compare with that as the main concern?
>
> Robert Hunt
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
