I agree with your observations on marketing-fueled economies but my question is whay is a proxy firewall inherently more secure than stateful inspection. I haven't used the Guantlet but it sounds labor intensive.
--- [EMAIL PROTECTED] wrote: > Proxy firewalls are slower than stateful inspection > and stateful > inspection is adequate for most uses. > It is not security that sells firewalls, but "cover > your *ss" for > liability. > Proxy firewalls are also less flexible since they > need to have a proxy for > each service, The new whiz-bang application using a > new proprietary > protocol is much more difficult to handle in a proxy > firewall than > stateful inspection. > Security is not what counts today in sales of > internet security > products. It is GUI, flexibility and market share. > Unfortunate, but true. > > Bill Royds > Acting System Administrator, > Canadian Heritage Information Network > (819) 994-1200 X 239 > > > > > > kk downing <[EMAIL PROTECTED]> > 04/04/02 09:34 AM > > > To: Bill Royds <[EMAIL PROTECTED]>, > Enrique Martin <[EMAIL PROTECTED]>, > [EMAIL PROTECTED] > cc: > Subject: RE: Migration from Gauntlet > 5 to Firewall-1 > > > Why is a proxy firewall inherently more secure than > a > stateful inspection firewall. If this is true why is > the trend towards stateful inspection among leading > firewall vendors? I was under the impression that > most > shops were moving away from Gauntlet which it was my > understanding was pretty much a favorite of the > financial industry but not many others. > > --- Bill Royds <[EMAIL PROTECTED]> wrote: > > Gauntlet is a proxy firewall and FW-1 uses > stateful > > inspection so there are significant logical > > differences between one and the other. Because of > > this it probably not be a good idea to just > convert > > the rules. A proxy firewall is inherently more > > secure than a stateful inspection one. So a single > > rule on the Gauntlet may need several FW-1 rules > in > > a particular order to achieve the same effect. > > Blowing the order can invalidate the effect of the > > rules. > > I would recommend reviewing your security > policy > > with a good FW-1 expert and re-creating the FW-1 > > rule set from the beginning to ensure that it > still > > covers the same areas that your Gauntlet covered. > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]On Behalf > Of > > Enrique Martin > > Sent: Wed April 03 2002 05:04 > > To: [EMAIL PROTECTED] > > Subject: Migration from Gauntlet 5 to Firewall-1 > > > > > > Hi all, > > have do you do a migration of the policies from > > Gauntlet to Firewall-1 > > in diferents machines? > > I think that it doesn�t be too much difficult, but > I > > would like to have > > some advices from someone who has do it. Somebody > > could help me? > > > > Thanks in advanced. > > > > ------ > > Enrique > > -- > > > > > > _______________________________________________ > > Firewalls mailing list > > [EMAIL PROTECTED] > > http://lists.gnac.net/mailman/listinfo/firewalls > > > > _______________________________________________ > > Firewalls mailing list > > [EMAIL PROTECTED] > > http://lists.gnac.net/mailman/listinfo/firewalls > > > __________________________________________________ > Do You Yahoo!? > Yahoo! Tax Center - online filing with TurboTax > http://taxes.yahoo.com/ > > > __________________________________________________ Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax http://taxes.yahoo.com/ _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
