We're not, and you hit the reason on the head: Akamai. Our ISP has one of their "edge of the Internet" caching boxes and although the URL they're going to is to the big site, FW-1 shows the IP they're actually going to is on our ISP's network, the Akamai cache device.
We stuck in a Microsoft ISA2000 box behind FW-1 and are running it as a caching proxy. It dropped our T-1 usage from 90%+ during the day to barely 60%. It's tied to our domain system and it either allows people out based on their NT ID or it restricts them to a certain subset. All setup is done with URLs so we don't have to worry about changing or distributed IPs.
The bandwidth reduction allowed us to defer a second T-1 for over two years, so the whole deployment paid for itself inside of a year.
Ray
From: Crist Clark <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [FW-1] Whitelisting URIs
Date: Tue, 17 Aug 2004 15:20:03 -0700
We have been handed down a new policy that a certain set of computers will only be allowed HTTP access to a specific set of "blessed" web sites. We have been supplied with a set of URLs. I am trying to figure out the best way to do this within FW-1. I have been looking through the HTTP Security Server documentation and have done some playing with URI resources, but it's not looking too good.
How have other people out there done something like this short of going to a more full featured external HTTP proxy or third-party OPSEC tools? Some of the websites listed are "big" Akamai'ed or otherwise distributed where trying to list IPs will be an unmanageable pain. I've never had much success with "Domain Objects" either. Anyone doing this completely within FW-1?
--
Crist J. Clark [EMAIL PROTECTED]
Globalstar Communications (408) 933-4387
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
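An added illustration of the approach discussed in this thread (not code from either poster, and not how ISA or FW-1 implement it): a proxy-side allow decision keyed on the requested URL's hostname and the user's group rather than on destination IPs, so a CDN edge address does not matter. The group names, hostnames and the leading-dot subdomain convention are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed policy for illustration; none of these names come from the thread.
# A leading dot means "this domain and any subdomain of it".
ALLOWED_HOSTS = {
    "restricted": {"www.example.com", ".vendor.example"},
}
UNRESTRICTED_GROUPS = {"staff"}


def normalize_host(url):
    """Return the lowercased hostname of an http(s) URL, or None if unusable."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # drops userinfo and port, lowercases
    except ValueError:         # e.g. malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".")    # "www.example.com." is the same host


def host_allowed(host, patterns):
    """Exact match, or dot-anchored suffix match for leading-dot patterns."""
    for pattern in patterns:
        if pattern.startswith("."):
            # Require a label boundary so "notvendor.example" does not match.
            if host == pattern[1:] or host.endswith(pattern):
                return True
        elif host == pattern:
            return True
    return False


def decide(group, url):
    """Default deny: unknown groups and unparsable URLs are refused."""
    host = normalize_host(url)
    if host is None:
        return False
    if group in UNRESTRICTED_GROUPS:
        return True
    return host_allowed(host, ALLOWED_HOSTS.get(group, ()))


if __name__ == "__main__":
    for g, u in [("restricted", "http://cdn.vendor.example:8080/a"),
                 ("restricted", "http://www.example.com@other.example/"),
                 ("restricted", "http://notvendor.example/")]:
        print(g, u, "ALLOW" if decide(g, u) else "DENY")
```

The decision uses the hostname as parsed from the URL, so text placed in the userinfo part before an `@` and look-alike suffixes do not satisfy the allowlist.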