Re: [fw-wiz] Application Intelligent vs ALG

From: Shimon Silberschlag (shimons_at_bll.co.il)
Date: 06/24/03

Next message: Bruce Smith: "Re: [fw-wiz] PIX Failover Questions"

Previous message: Dave Rinker: "Re: [fw-wiz] PIX Failover Questions"
In reply to: Frederick M Avolio: "Re: [fw-wiz] Application Intelligent vs ALG"
Next in thread: Adam Shostack: "Re: [fw-wiz] Application Intelligent vs ALG"
Reply: Adam Shostack: "Re: [fw-wiz] Application Intelligent vs ALG"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <firewall-wizards@honor.icsalabs.com>
Date: Tue, 24 Jun 2003 09:10:02 +0200

It is my understanding that CP is different from an ALG because with
an ALG, the ALG rewrites the packet to the destination, while with
Checkpoint Application Intelligence, they only check if its "safe" to
pass to the destination.

If its better or not, remains to be seen.

Shimon Silberschlag

+972-3-9351572
+972-51-207130

----- Original Message -----
From: "Frederick M Avolio" <fred@avolio.com>
To: <SimonChan@lifeisgreat.com.sg>;
<firewall-wizards@honor.icsalabs.com>
Sent: Monday, June 23, 2003 15:18
Subject: Re: [fw-wiz] Application Intelligent vs ALG

> A fancy proxy.
>
> Three different people from Check Point wrote me in response to a
recent
> column of mine, basically asking me if I had heard of this new
feature.
>
> I replied with a brief history. In short: Firewall-1 comes on the
scene,
> most FW1 users implement it with modules from the TIS FWTK (for
adding user
> authentication to FTP and TELNET), Check Point's marketing says
proxies are
> old technology, stateful inspection is the next generation of
firewall
> technology (before the term became a product name), people persisted
in
> using proxies, CP added "security servers" (proxies by another
name), and
> now this.
>
> I asked them, how is this different from application gateways
(security
> proxies). I applaud the addition of them (like there are other
hybrid
> firewalls). But none of the three folks from CP replied to me.
>
> I have no agenda, except the truth. (Boy, is this guy noble, or
what? :-))
> I'd like to know the answer to this: How this is different than
application
> gateways (if it is), and why is it better than Sidewinder, Firebox,
Raptor,
> et al.
>
>
> Fred
> Avolio Consulting, Inc.
> 16228 Frederick Road, PO Box 609, Lisbon, MD 21765, US
> +1 410-309-6910 (voice) +1 410-309-6911 (fax)
> http://www.avolio.com/
> PGP Key Fingerprint: 928D 0903 934F 8CFA 6124
> BBF6 0B45 93C7 3521 CEA0
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Next message: Bruce Smith: "Re: [fw-wiz] PIX Failover Questions"

Previous message: Dave Rinker: "Re: [fw-wiz] PIX Failover Questions"
In reply to: Frederick M Avolio: "Re: [fw-wiz] Application Intelligent vs ALG"
Next in thread: Adam Shostack: "Re: [fw-wiz] Application Intelligent vs ALG"
Reply: Adam Shostack: "Re: [fw-wiz] Application Intelligent vs ALG"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]