Proxy firewall investigates all seven layers information but stateful packet firewall investigate only layer 3 and some of layer 4, though some vendor adds some application layer capabilities to their stateful packet firewalls, such as PIX. This is why proxy firewall is much powerful than statefull filter, it can see all contents in the packets. And, this is also the reason why proxy firewall is quite slower compared to stateful firewall.
Fei. -----Original Message----- From: kk downing [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 04, 2002 10:27 AM To: [EMAIL PROTECTED] Cc: Enrique Martin; [EMAIL PROTECTED]; Bill Royds Subject: RE: Migration from Gauntlet 5 to Firewall-1 I agree with your observations on marketing-fueled economies but my question is whay is a proxy firewall inherently more secure than stateful inspection. I haven't used the Guantlet but it sounds labor intensive. --- [EMAIL PROTECTED] wrote: > Proxy firewalls are slower than stateful inspection > and stateful > inspection is adequate for most uses. > It is not security that sells firewalls, but "cover > your *ss" for > liability. > Proxy firewalls are also less flexible since they > need to have a proxy for > each service, The new whiz-bang application using a > new proprietary > protocol is much more difficult to handle in a proxy > firewall than > stateful inspection. > Security is not what counts today in sales of > internet security > products. It is GUI, flexibility and market share. > Unfortunate, but true. > > Bill Royds > Acting System Administrator, > Canadian Heritage Information Network > (819) 994-1200 X 239 > > > > > > kk downing <[EMAIL PROTECTED]> > 04/04/02 09:34 AM > > > To: Bill Royds <[EMAIL PROTECTED]>, > Enrique Martin <[EMAIL PROTECTED]>, > [EMAIL PROTECTED] > cc: > Subject: RE: Migration from Gauntlet > 5 to Firewall-1 > > > Why is a proxy firewall inherently more secure than > a > stateful inspection firewall. If this is true why is > the trend towards stateful inspection among leading > firewall vendors? I was under the impression that > most > shops were moving away from Gauntlet which it was my > understanding was pretty much a favorite of the > financial industry but not many others. > > --- Bill Royds <[EMAIL PROTECTED]> wrote: > > Gauntlet is a proxy firewall and FW-1 uses > stateful > > inspection so there are significant logical > > differences between one and the other. Because of > > this it probably not be a good idea to just > convert > > the rules. A proxy firewall is inherently more > > secure than a stateful inspection one. So a single > > rule on the Gauntlet may need several FW-1 rules > in > > a particular order to achieve the same effect. > > Blowing the order can invalidate the effect of the > > rules. > > I would recommend reviewing your security > policy > > with a good FW-1 expert and re-creating the FW-1 > > rule set from the beginning to ensure that it > still > > covers the same areas that your Gauntlet covered. > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]On Behalf > Of > > Enrique Martin > > Sent: Wed April 03 2002 05:04 > > To: [EMAIL PROTECTED] > > Subject: Migration from Gauntlet 5 to Firewall-1 > > > > > > Hi all, > > have do you do a migration of the policies from > > Gauntlet to Firewall-1 > > in diferents machines? > > I think that it doesn�t be too much difficult, but > I > > would like to have > > some advices from someone who has do it. Somebody > > could help me? > > > > Thanks in advanced. > > > > ------ > > Enrique > > -- > > > > > > _______________________________________________ > > Firewalls mailing list > > [EMAIL PROTECTED] > > http://lists.gnac.net/mailman/listinfo/firewalls > > > > _______________________________________________ > > Firewalls mailing list > > [EMAIL PROTECTED] > > http://lists.gnac.net/mailman/listinfo/firewalls > > > __________________________________________________ > Do You Yahoo!? > Yahoo! Tax Center - online filing with TurboTax > http://taxes.yahoo.com/ > > > __________________________________________________ Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax http://taxes.yahoo.com/ _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
