I'm new to the firewall biz and I'm trying to get a grip on why I would want to use an http security server as opposed to just creating a rule to allow access to a specific host or group of hosts and use OS security. I've been reading the doc but I think I'm missing something or I'm looking for something that is not there. This is what I've come up with so far, but I'm still looking for other reasons:
Environment:
FW-1 4.0 NT 4.0
IIS4 NT 4.0
Http Security Server:
I can hide multiple web servers behind the firewall without having to have multiple external IP addresses.
Without:
I can have multiple web servers accessed through a single master using virtual directories.
Http Security Server:
I can authenticate users via several schemes: OS password, SecurID, RADIUS, etc. (After I'm authenticated by the firewall, how does the web server know that I've been authenticated to use its resources? Or would I have to authenticate again after getting through the gateway? After I've authenticated on the gateway, does the web server think that I'm on the local network? Why would I want to authenticate to the gateway first and then again on the web server?)
Without:
I can only authenticate to the OS.
Http Security Server:
Rule: User@Any Any http UserAuth
Without:
Rule: Any Host http Accept
Shawn M. Kelly
Manager, Network and Support Services
Cornerstone Family Services
