Re: Application Firewalls.

From: mobius (noone_at_noneya.com)
Date: 05/19/05

Next message: Joseph Byrns: "recommend"
Previous message: 2005: "Remote Log from WinXP to Win2000 + newbie + Tutorial Guide?"
In reply to: Michael Pelletier: "Re: Application Firewalls."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 19 May 2005 14:52:58 -0400

Zone Alarms Integrity will integrate AD groups and users if you did not
move them to a different OU. From there you can create policies to
apply to your groups. It also has the application intelligence layer 7
for only a handful of protocols like http, ftp, smtp, impa4, nntp, pop3
Layer 3 settings are located under the firewall option.

Michael Pelletier wrote:

>goooglegroups@yahoo.com wrote:
>
>
>
>>Hello,
>>
>>Can some guide me about aLayer3 Firewall with Following Capabilitites:
>>
>>
>
>First your post says "application firewall" but you ask about a layer 3
>firewall. These are not the same. I think you mean an application layer
>firewall correct?
>
>
>
>>Microsoft Active Directory Integration:
>>
>>
>
>Really LDAP integration. Why do you ask for this? You want to allow only
>authenticated users web access? Restrict by user groups maybe?
>
>
>
>>Bandwidth management Applications and Users.
>>
>>
>
>Most, even open source firewalls, can do this. Well not for users but for
>port based applications. You can also prioritize your traffic in/out of
>your company by doing it on your routers and switches.
>
>
>
>>Application Bandwidth management.
>>
>>
>
>Isn't this the same as above?
>
>
>
>>I hope this is hardly possible to include all these features in one
>>module,,but I want at least two of them integrated
>>
>>( Please don't include MS ISA server "the pathetic " )
>>
>>
>
>NEVER. ISA is a POS.
>
>
>
>>Regards,
>>
>>Nasir Mahmood
>>Sr.Executive IT (Data Networks)
>>Pak Telecom Mobile Limited (Ufone)
>>Islamabad, Pakistan.
>>cell: +923335500097
>>
>>
>
>I am not sure if you will find an all-in-one, if you do it will be very
>pricey. You might be better off splitting it up into different servers.
>
>Michael
>
>

Next message: Joseph Byrns: "recommend"
Previous message: 2005: "Remote Log from WinXP to Win2000 + newbie + Tutorial Guide?"
In reply to: Michael Pelletier: "Re: Application Firewalls."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: can sasser& Blaster get to the computer?
... Because of a hardware conflict I cannot update the laptop. ... >>Will the desktop computer with the firewall also protect the laptop even if>>I disable the firewall on the laptop? ... Each layer is necessary because no> layer produces complete protection. ...
(microsoft.public.windowsxp.help_and_support)
Re: can sasser& Blaster get to the computer?
... Because of a hardware conflict I cannot update the laptop. ... >>Will the desktop computer with the firewall also protect the laptop even if>>I disable the firewall on the laptop? ... Each layer is necessary because no> layer produces complete protection. ...
(microsoft.public.windowsxp.network_web)
Re: can sasser& Blaster get to the computer?
... Because of a hardware conflict I cannot update the laptop. ... >>Will the desktop computer with the firewall also protect the laptop even if>>I disable the firewall on the laptop? ... Each layer is necessary because no> layer produces complete protection. ...
(microsoft.public.windowsxp.general)
Re: Attention pf/ipfw users with uid/gid/jail rules (Re: Reminder: NET_NEEDS_GIANT, debug.mpsafenet
... Among other things, there are race conditions such that the lookup could return one pcb in the input path and use that for the check, but another pcb during TCP-layer delivery. ... One idea that I'd been pondering was having the inpcb code in the TCP/UDP/SCTP/etc layers invoke event handlers as bindings/connections are made, making credentials and other information available to firewall packages, which could then cache information under their own locks. ... In Mac OS X Leopard, many of the traditional "firewall" sorts of checks are now performed at the socket layer using this sort of approach -- this provides greater application context, allows control of things like binding/listening, not just packet transmission and receipt, and provides access to the data as received at the application layer rather than at the datagram layer, avoiding the need for normalization. ...
(freebsd-arch)
Re: Attention pf/ipfw users with uid/gid/jail rules (Re: Reminder: NET_NEEDS_GIANT, debug.mpsafenet
... Among other things, there are race conditions such that the lookup could return one pcb in the input path and use that for the check, but another pcb during TCP-layer delivery. ... One idea that I'd been pondering was having the inpcb code in the TCP/UDP/SCTP/etc layers invoke event handlers as bindings/connections are made, making credentials and other information available to firewall packages, which could then cache information under their own locks. ... In Mac OS X Leopard, many of the traditional "firewall" sorts of checks are now performed at the socket layer using this sort of approach -- this provides greater application context, allows control of things like binding/listening, not just packet transmission and receipt, and provides access to the data as received at the application layer rather than at the datagram layer, avoiding the need for normalization. ...
(freebsd-current)