Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] HTTP security sever woes on NG... almost there!

To: [email protected]
Subject: [FW-1] HTTP security sever woes on NG... almost there!
From: "Abe L. Getchell" <[email protected]>
Date: Mon, 10 Jun 2002 23:54:37 -0400
Comments: cc: [email protected], [email protected], [email protected]
Importance: Normal
Organization: -
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hey all,
        First, let me say thanks to all for either writing me in private
or posting to the list about what could possibly be done to get the HTTP
security server working for me in my situation.  With the answers from
the list as well as what I've been able to find on the web I'm almost
there.  ALMOST.  Everything was up and running spectacularly all day
today when out of nowhere tonight the ahttpd.elg starts filling up with
"Too many open files" error messages again.  I'm jacking the max file
handles setting and calling support tomorrow morning.
        I would like to stress something that Jim ([email protected])
said, "...but the fact remains, its in the manual, it should work...
thats what the customers say!"  I couldn't agree with this statement
more.  It _does not_ say in the manual that it should only be used for
small networks or as a temporary solution as some of you guys have
eluded to in commentary on the list.  Checkpoint says it will work.
Checkpoint says it will filter URLs.  It doesn't work, and should for
the money we paid for the unlimited licenses we purchased.
        Yeah, there are better solutions out there, such as reverse
proxies and the like.  However, the customer's site I'm working at has
invested a lot of money in hardware and software.  Why not leverage the
system that's already in place (that the customer has already paid for)
to bring some sort of additional benefit to them?  Sure, I could
recommend that they spend another $100k for a couple of NetCache's to do
reverse proxying with, but why _should_ I if there's a product IN PLACE
that _should_ provide the same capabilities (besides caching, but we're
not looking for that here).
        I'm not bashing Checkpoint as a company or Firewall-1 NG as a
product, as I think they are an excellent company that makes an
excellent product... I just don't think they should market their product
as being an "enterprise solution" if parts of that product can't keep up
with enterprise demands.  I'll get off my soapbox now. =)

Thanks,
Abe

--
Abe L. Getchell
Security Engineer
[email protected]

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] HTTP security sever woes on NG... almost there!
  - From: Anthony Mendoza <[email protected]>

Prev by Date: Re: [FW-1] Anyone tried 4.1 SP6 yet?
Next by Date: [FW-1] IPSec tunnel issue
Previous by thread: Re: [FW-1] FW-1
Next by thread: Re: [FW-1] HTTP security sever woes on NG... almost there!
Index(es):
- Date
- Thread