Bill,
I see a lot of people talk about the inflexability of proxy based
firewalls and I have to disagree. I don't think there is a proxy firewall
out there that doesn't let you create generic TCP or UDP proxies for any
port/range of ports or create filters that bypass the proxy controls if
needed. The Sidewinder and Cyberguard firewalls are two application layer
firewalls that allow you to create all three types of rules. Obviously
these are less secure than a well written application layer proxy but since
you have the application layer proxy and the ability to create generic
proxies this would make an proxy based firewall more configurable than a
stateful inspection firewall. I use the Sidewinder extensively and it is
much more configurable than Firewall-1 or PIX both of which I have also
used. This does not address the speed issue but I feel that most people
say Firewall-1 is more configure just because it is easier for them to
understand a product that gives them less choices rather than more choices.
Regards,
Jeffery Gieser
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
