[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] URL Filtering interactions with FW1
The UFP is the protocol that the traffic is sent over from the Firewall to the server. It is actually not the performance issue. The performance issue is with the HTTP security server. Thsi is the process that passes the UFP the traffic originally. However, in 4.1 SP3+ Checkpoint has something called UFP caching which signifigantly reduces the amount of requests that go through the HTTP Security Server (if they are cached then the "decisions" are made by inspect, thus running in kernel space and not as a process like the HTTP security server). Note: The UFP vendor MUST support this. If you want additional information on this, let me know. -----Original Message----- From: Hartmann, Josef [mailto:[email protected]] Sent: Thursday, January 11, 2001 12:49 AM To: '[email protected]' Subject: RE: [FW1] URL Filtering interactions with FW1 Hi, FW-1 4.1 sp2 (?) supprts ufp fail over which means, if the UFP server goes down HTTP traffic is allowed without any UFP cheching. However my experience is that it does not fall back when the UFP server comes up again. Then I had to reinstall the policy again. Also, don't forget that UFP performs really poorly having a large amount of users. Cheers, Josef > -----Original Message----- > From: Dean Landis II [SMTP:[email protected]] > Sent: Wednesday, January 10, 2001 9:39 PM > To: [email protected] > Subject: [FW1] URL Filtering interactions with FW1 > > > Looking for how FW1 handles URL Filtering via a UFP server. > > My most critical concern is what happens if the UFP become unreachable > (network down, server down etc) does FW1 continue to allow HTTP requests > or > do they cease to pass? Does the UFP become a single point of failure or is > > the 'fallback' to pass HTTP without filters? > > Related, it would be nice to know if the FW1 and UFP are constantly > communicating or only when the URL filers change on the UFP or only during > > HTTP requests? > > Would appreciate any assistance on this. > > Thx, > Dean > > Dean Landis II > Landis.net > > > > ========================================================================== > ====== > To unsubscribe from this mailing list, please see the instructions at > <http://www.checkpoint.com/services/mailing.html>http://www.checkpoint.com/s ervices/mailing.html > ========================================================================== > ====== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at <http://www.checkpoint.com/services/mailing.html>http://www.checkpoint.com/s ervices/mailing.html ============================================================================ ==== --------------------- Dan Hubbard Websense Inc. San Diego, CA ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|