[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Proxy server and Firewall-1
I guess if your proxy is caching, it would follow that you would have less traffic through the firewall if it were on the inside, as a percentage of webpage requests would be resolved by the proxy without involving the firewall. This would imply a better firewall performance. Plus your firewall won't have to maintain the state of your user community talking to proxy in the DMZ and then that proxy talking to countless websites. It will just need to maintain the state of the proxy talking to the websites. This should bring a performance gain. So the question on everybody's lips is: why is the proxy in the DMZ in the first place? Does it have any inbound connectivity to it? Are there other security issues surrounding it? Paul -----Original Message----- From: Dan Hitchcock [mailto:[email protected]] Sent: 10 October 2000 17:56 To: '[email protected]'; Keith Mccann Cc: [email protected] Subject: RE: [FW1] Proxy server and Firewall-1 Since the firewall has to forward packets and enforce security between interfaces in either case, I wouldn't expect any difference at all in performance (unless your switch fabric on the inside is extremely busy). Dan Hitchcock CCNA, MCSE Network Engineer Xylo, Inc. (formerly employeesavings.com)The work/life solution for corporate thought leaders -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Tuesday, October 10, 2000 9:20 AM To: Keith Mccann Cc: [email protected] Subject: Re: [FW1] Proxy server and Firewall-1 I would advise you to separate the proxy server from the firewall. Depending on the number of users but there will be a big degradation if you put the proxy server on the same box as the firewall. -Hungdan Ly "Keith Mccann" <[email protected]> on 10/10/2000 11:35:55 AM To: [email protected] cc: (bcc: Hungdan Ly/New York/ACMC) Subject: [FW1] Proxy server and Firewall-1 I am currently using a Deerfield Wingate proxy server in the DMZ of a Firewall-1 firewall Is it likely to improve performance if I move the proxy server inside the firewall, or is this likely to cause any major issues? Regards Keith McCann ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== --------------------------------------------------------------------------------- This e-mail is intended only for the above addressee. It may contain privileged information. If you are not the addressee you must not copy, distribute, disclose or use any of the information in it. If you have received it in error please delete it and immediately notify the sender. evolvebank.com is a division of Lloyds TSB Bank plc. Lloyds TSB Bank plc, 71 Lombard Street, London EC3P 3BS. Registered in England, number 2065. Telephone No: 020 7626 1500 Lloyds TSB Scotland plc, Henry Duncan House, 120 George Street, Edinburgh EH2 4LH. Registered in Scotland, number 95237. Telephone No:Lloyds TSB Bank plc and Lloyds TSB Scotland plc are regulated by the Personal Investment Authority and represent only the Scottish Widows and Lloyds TSB Marketing Group for life assurance, pensions and investment business. Members of the UK Banking Ombudsman Scheme and signatories to the UK Banking Code. ---------------------------------------------------------------------------------- ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|