RE: [fw-wiz] Gauntlet 6 "adaptive proxy"

From: Shivdasani, Meenoo (Meenoo.Shivdasani_at_venterscience.org)
Date: 08/18/04

Next message: Kevin Sheldrake: "Re: [fw-wiz] Top Secret DOD Data over the Public Internet? Thoughts?"

Previous message: MHawkins_at_TULLIB.COM: "RE: [fw-wiz] Remote Access via Checkpoint VPN"
Maybe in reply to: Kevin Kadow: "[fw-wiz] Gauntlet 6 "adaptive proxy""
Next in thread: Kevin Kadow: "Re: [fw-wiz] Gauntlet 6 "adaptive proxy""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Kevin Kadow" <kevin@msg.net>, <firewall-wizards@honor.icsalabs.com>
Date: Tue, 17 Aug 2004 23:00:14 -0400

Kevin,

Basically, what adaptive proxy in Gauntlet 6 does is run the initial connection through the usual proxy mechanism and then memorize the fact that the connection has passed the usual checks at which point the connection is handled at the packet filter level rather than taking it up to the proxy level. When you use adaptive proxy, you can't do things like content filtering or virus scanning at the application level. If I remember correctly, those checks take precedence over adaptive proxy so if you have them enabled, adaptive proxy doesn't kick in even if you have it enabled.

The security trade-off is the fact that the traffic bypasses the application level checks.

-----Original Message-----
From: Kevin Kadow [mailto:kevin@msg.net]
Sent: Tue 8/17/2004 8:51 PM
To: firewall-wizards@honor.icsalabs.com
Cc:
Subject: [fw-wiz] Gauntlet 6 "adaptive proxy"
I know it's ancient (but vendor supported until 2005), but can anybody share insight into this Gauntlet feature?

I'm trying to eke out every bit of performance I can from my old GFW6.0 machines, and have been told that I should turn on "adaptive proxy" to boost HTTP and FTP performance.

The docs imply a security trade-off, but do not give details.

Thanks,

Kevin Kadow
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Next message: Kevin Sheldrake: "Re: [fw-wiz] Top Secret DOD Data over the Public Internet? Thoughts?"

Previous message: MHawkins_at_TULLIB.COM: "RE: [fw-wiz] Remote Access via Checkpoint VPN"
Maybe in reply to: Kevin Kadow: "[fw-wiz] Gauntlet 6 "adaptive proxy""
Next in thread: Kevin Kadow: "Re: [fw-wiz] Gauntlet 6 "adaptive proxy""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]