Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Proxy server and Firewall-1

To: "'[email protected]'" <[email protected]>
Subject: RE: [FW1] Proxy server and Firewall-1
From: "Murphy, Paul" <[email protected]>
Date: Wed, 11 Oct 2000 10:55:47 +0100
Cc: [email protected]
Sender: [email protected]


I guess if your proxy is caching, it would follow that you would have less
traffic through the firewall if it were on the inside, as a percentage of
webpage requests would be resolved by the proxy without involving the
firewall.  This would imply a better firewall performance.

Plus your firewall won't have to maintain the state of your user community
talking to proxy in the DMZ and then that proxy talking to countless
websites.  It will just need to maintain the state of the proxy talking to
the websites.  This should bring a performance gain.

So the question on everybody's lips is: why is the proxy in the DMZ in the
first place?  Does it have any inbound connectivity to it?  Are there other
security issues surrounding it?

Paul

-----Original Message-----
From: Dan Hitchcock [mailto:[email protected]]
Sent: 10 October 2000 17:56
To: '[email protected]'; Keith Mccann
Cc: [email protected]
Subject: RE: [FW1] Proxy server and Firewall-1



Since the firewall has to forward packets and enforce security between
interfaces in either case, I wouldn't expect any difference at all in
performance (unless your switch fabric on the inside is extremely busy).

Dan Hitchcock
CCNA, MCSE
Network Engineer
Xylo, Inc. (formerly employeesavings.com)The work/life solution for corporate thought leaders


-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Tuesday, October 10, 2000 9:20 AM
To: Keith Mccann
Cc: [email protected]
Subject: Re: [FW1] Proxy server and Firewall-1





I would advise you to separate the proxy server from the
firewall.  Depending on the number of users but there will be a
big degradation if you put the proxy server on the same box as
the firewall.

-Hungdan Ly




"Keith Mccann" <[email protected]> on 10/10/2000 11:35:55 AM
To:   [email protected]
cc:    (bcc: Hungdan Ly/New York/ACMC)

Subject:  [FW1] Proxy server and Firewall-1




I am currently using a Deerfield Wingate proxy server in the DMZ
of a
Firewall-1 firewall

Is it likely to improve performance if I move the proxy server
inside the
firewall, or is this likely to cause any major issues?

Regards

Keith McCann




============================================================================
====

     To unsubscribe from this mailing list, please see the
instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====







============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====
---------------------------------------------------------------------------------
This e-mail is intended only for the above addressee. It may contain
privileged information. If you are not the addressee you must not copy,
distribute, disclose or use any of the information in it. If you have
received it in error please delete it and immediately notify the
sender.

evolvebank.com is a division of Lloyds TSB Bank plc.
Lloyds TSB Bank plc, 71 Lombard Street, London EC3P 3BS.  Registered in
England, number 2065.  Telephone No: 020 7626 1500
Lloyds TSB Scotland plc, Henry Duncan House, 120 George Street,
Edinburgh EH2 4LH. Registered in Scotland, number 95237.  Telephone
No:Lloyds TSB Bank plc and Lloyds TSB Scotland plc are regulated by the
Personal Investment Authority and represent only the Scottish Widows
and Lloyds TSB Marketing Group for life assurance, pensions and
investment business.

Members of the UK Banking Ombudsman Scheme and signatories to the UK
Banking Code.
----------------------------------------------------------------------------------


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] 3DES
Next by Date: [FW1] fw test for security holes on NT
Previous by thread: AW: [FW1] How can I block ports 264 & 265?
Next by thread: [FW1] fw test for security holes on NT
Index(es):
- Date
- Thread