Ok, I'm gonna show my firewall ignorance here. I know what a packet filter
does, and I know what a proxy server does, but I don't really comprehend the
difference in an environment like this. We have customers coming in via NFuse
to two Citrix boxes. Behind the citrix boxes are a SQL server, and an Exchange
server. So, the only traffic my firewall would let in are Citrix packets and
port 25 directly into the exchange server. I know this is an extrordinarily
open question, but where will a proxy server protect me that a packet filter
won't?
Thanks,
Chuck
>> Well for one thing, I don't think I'd bet the farm and my family's
>> livelihood on an appliance. But with only 200 clients, he might get by.
>> Second, I must admit I am a proxy bigot... I do not, will not ever use a
>> packet filter as my edge device. oh well you will hear reasons for and
>> against them... I just prefer proxy types... They allow me to sleep better
>> at night.. And I highly doubt that 200 users are going to tax a network
>> to
>> the point where you need Godzilla-bit speed that packet filters claim...
>> But
>> that is my opinion. 3rd, I 'd be worrying about redundancy, auto failover
>> etc... especially if my clients were expecting a certain level of uptime
>> for
>> their money.
>> Have you looked into the new VelociRaptor from AXENT/Symantic? It is a
>> brick running on Red Hat LINUX and provides a full featured Raptor suite
>> for
>> a decent price.
>> > -----Original Message-----
>> > From: Chuck Brown [SMTP:[EMAIL PROTECTED]]
>> > Sent: Friday, March 30, 2001 12:09 PM
>> > To: [EMAIL PROTECTED]
>> > Subject: Classes of Firewalls
>> >
>> > We are working with a customer about to set up a hosted system in a
>> > datacenter. He will be providing services for a couple hundred clients.
>> He
>> > has a choice of buying a higher end SonicWall or WatchGuard (3-5K), or
>> > using the datacenter provided firewall (several K/month). The datacenter
>> > uses either Checkpoint Firewall-1 on Nokia IP330/IP650 equipment or
>> Cisco
>> > PIX 512/520 stuff. This may be a really stupid question (sorry), but
>> other
>> > than throughput, what do you get for the higher $$$s?
>> >
>> > Thanks
>> >
>> > Chuck Brown
>> > Infinity, Inc
>> > - [To unsubscribe, send mail to [EMAIL PROTECTED] with
>> "unsubscribe
>> > firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
