I have not worked with the gauntlet but am interested in knowing if its configurable to enforce rules based on criteria it finds at all 7 layers? Is Gauntlet still widely used ?
--- Fei Yang <[EMAIL PROTECTED]> wrote: > Proxy firewall investigates all seven layers > information but stateful packet firewall investigate > only layer 3 and some of layer 4, though some vendor > adds some application layer capabilities to their > stateful packet firewalls, such as PIX. This is why > proxy firewall is much powerful than statefull > filter, it can see all contents in the packets. And, > this is also the reason why proxy firewall is quite > slower compared to stateful firewall. > > Fei. > > -----Original Message----- > From: kk downing [mailto:[EMAIL PROTECTED]] > Sent: Thursday, April 04, 2002 10:27 AM > To: [EMAIL PROTECTED] > Cc: Enrique Martin; [EMAIL PROTECTED]; Bill > Royds > Subject: RE: Migration from Gauntlet 5 to Firewall-1 > > > I agree with your observations on marketing-fueled > economies but my question is whay is a proxy > firewall > inherently more secure than stateful inspection. I > haven't used the Guantlet but it sounds labor > intensive. > > --- [EMAIL PROTECTED] wrote: > > Proxy firewalls are slower than stateful > inspection > > and stateful > > inspection is adequate for most uses. > > It is not security that sells firewalls, but > "cover > > your *ss" for > > liability. > > Proxy firewalls are also less flexible since they > > need to have a proxy for > > each service, The new whiz-bang application using > a > > new proprietary > > protocol is much more difficult to handle in a > proxy > > firewall than > > stateful inspection. > > Security is not what counts today in sales of > > internet security > > products. It is GUI, flexibility and market share. > > Unfortunate, but true. > > > > Bill Royds > > Acting System Administrator, > > Canadian Heritage Information Network > > (819) 994-1200 X 239 > > > > > > > > > > > > kk downing <[EMAIL PROTECTED]> > > 04/04/02 09:34 AM > > > > > > To: Bill Royds <[EMAIL PROTECTED]>, > > Enrique Martin <[EMAIL PROTECTED]>, > > [EMAIL PROTECTED] > > cc: > > Subject: RE: Migration from > Gauntlet > > 5 to Firewall-1 > > > > > > Why is a proxy firewall inherently more secure > than > > a > > stateful inspection firewall. If this is true why > is > > the trend towards stateful inspection among > leading > > firewall vendors? I was under the impression that > > most > > shops were moving away from Gauntlet which it was > my > > understanding was pretty much a favorite of the > > financial industry but not many others. > > > > --- Bill Royds <[EMAIL PROTECTED]> wrote: > > > Gauntlet is a proxy firewall and FW-1 uses > > stateful > > > inspection so there are significant logical > > > differences between one and the other. Because > of > > > this it probably not be a good idea to just > > convert > > > the rules. A proxy firewall is inherently more > > > secure than a stateful inspection one. So a > single > > > rule on the Gauntlet may need several FW-1 rules > > in > > > a particular order to achieve the same effect. > > > Blowing the order can invalidate the effect of > the > > > rules. > > > I would recommend reviewing your security > > policy > > > with a good FW-1 expert and re-creating the FW-1 > > > rule set from the beginning to ensure that it > > still > > > covers the same areas that your Gauntlet > covered. > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED]]On Behalf > > Of > > > Enrique Martin > > > Sent: Wed April 03 2002 05:04 > > > To: [EMAIL PROTECTED] > > > Subject: Migration from Gauntlet 5 to Firewall-1 > > > > > > > > > Hi all, > > > have do you do a migration of the policies from > > > Gauntlet to Firewall-1 > > > in diferents machines? > > > I think that it doesn�t be too much difficult, > but > > I > > > would like to have > > > some advices from someone who has do it. > Somebody > > > could help me? > > > > > > Thanks in advanced. > > > > > > ------ > > > Enrique > > > -- > > > > > > > > > _______________________________________________ > > > Firewalls mailing list > > > [EMAIL PROTECTED] > > > http://lists.gnac.net/mailman/listinfo/firewalls > > > > > > _______________________________________________ > > > Firewalls mailing list > > > [EMAIL PROTECTED] > > > http://lists.gnac.net/mailman/listinfo/firewalls > > > > > > __________________________________________________ > > Do You Yahoo!? > > Yahoo! Tax Center - online filing with TurboTax > > http://taxes.yahoo.com/ > > > > > > > > > __________________________________________________ > Do You Yahoo!? > Yahoo! Tax Center - online filing with TurboTax > http://taxes.yahoo.com/ > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls __________________________________________________ Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax http://taxes.yahoo.com/ _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
