Re: Hardware Firewall Recommendation

From: Lars M. Hansen (badnews_at_hansenonline.net)
Date: 06/20/04


Date: Sun, 20 Jun 2004 07:20:19 -0400

On 20 Jun 2004 00:39:11 -0500, Micheal Robert Zium spoketh

>Lars M. Hansen wrote:
>
>>Some firewalls use application proxies rather than packet filters. So,
>>that would make it very much a "firewall" program on the firewall.
>
>Really? Could you provide some examples? Thank you.

Symantec Enterprise Firewall (formerly Axent Raptor) uses proxies for
several protocols, such as HTTP, SMTP, FTP, Telnet and possibly H.232.
This allows for better control of what goes through the firewall, and
that it complies with protocol specifications.

For HTTP, that means you can block "port" while allow "get", as well as
specifying url filters to prevent uploads/downloads of specific urls
(one that was recommenced was to filter out cmd.exe to block out
Nimda.Code Red).

For SMTP, you had the option to block certain commands, such as VRFY and
EXPN, set limits on the number of recipients, check against blackhole
lists...

I think Leythos have mentioned on several occasions that the Watchguard
line of firewalls also uses proxies, at least for http.

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)



Relevant Pages

  • Re: operationg system firewall question
    ... They may or may not add proxies on top. ... In general Windows based firewalls are easiest for most to ... For most a hardware device seems to be the best solution. ...
    (comp.security.firewalls)
  • Re: Great Firewall/Australia censorship proposal
    ... online radio station from behind work firewalls. ... which SSL proxies are used to encrypt that data traffic. ... VPN connects unless you use their cert with their ...
    (comp.security.firewalls)
  • Re: Server push
    ... > the connection bar to ensure that the requested action is still valid. ... if you really want to reproduce server push you will need an activex ... > a lot of firewalls and proxies will stamp all over this and time the ...
    (comp.lang.php)
  • Re: [fw-wiz] Firewalls that generate new packets..
    ... and most of their competitors have proxies. ... Long live proxy firewalls. ... But if my experience with Internet-enabled software vendors is anywhere ...
    (Firewall-Wizards)
  • Re: [fw-wiz] Firewalls that generate new packets..
    ... I believe this goes into the "proxies rawk" folder alongside my posts. ... I really would like to see a thorough analysis of the performance of an application layer policy enforcement using strictly stateful inspection ... I am not certain this could be done using any COTS firewalls today b/c the implementations have blurred the distinctions. ... Long live proxy firewalls. ...
    (Firewall-Wizards)