[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Firewall
Hi Tony, FW-1 has that potential too , it is called a checkbox in the GUI policy editor, but true, by default it is turned off. We use Fw1 and MS Proxy, but only use MSP to act as a HTTP HTTPS/FTP proxy , not as a firewall. We get a 30% cache hit rate from it as well, so that cuts down on bandwidth load. MSP also intergrates with the NT domain for transparent authentication and accesss, for internal clients pointed to the proxy. This way you can block those protocols outgoing on the firewall for all but the proxy and use NT groups to control access out. Also the MSP logs can have username detail in them so there is no dispute as to who was browsing "that" site :-) cheers dean -----Original Message----- From: Tony Miedaner [mailto:[email protected]] Somewhat off topic but.... IMHO, the devils in the details. Very basically, a well designed fw product should fail closed (passes nothing). I would suspect that MS Proxy would have the potential to fail open. Can anyone else comment on this? >>fw-1 at a minimum passes that test. *************************************************** This e-mail is not an official statement of the Waikato Regional Council unless otherwise stated. Visit our website http://www.ew.govt.nz *************************************************** ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|