Firewall Wizards mailing list archives
Re:Bodermanager vs Blackhole firewall...
From: sandeep kumar <stalwar () yahoo com>
Date: Fri, 27 Nov 1998 08:30:08 -0800 (PST)
Don , your question is whether to use a proxy or not for a particular application. and if not use the proxy then what ? do we NAT ? There are two issues with the proxy: first a proxy normally would operate in the application layer so it would have the best knowledge about the current state of connection. second a proxy does not allow any direct connection between the two parties ie the the two ends say a ftp client inside the trusted network and a FTP server on the Internet. The proxy examines all the connections between the two ends. All the outgoing packets get the IP address of the proxy and all the incoming packets are neatly sent to the client on the internal network. But the drawback is speed. The speed of the connection slows down considerably as compared to packet filtering speeds.(because all the packets are analyzed at the application level) Now if in such a scenario if one were "not" to use a proxy then whether to use NAT question comes in. NAT is used for two cases(normally) first if you want to hide your internal host's IP address to the outside world. second if your Internal network has IP addresses which are non-routable like the 10.x.x.x range. So if one has a host on the internal trusted network which has a registered IP address then one would not use NAT. I hope the issue between the two firewalls viz Bordermanager and Blackhole is clear. Don Tuer <dtaadv () ionsys com> wrote that: Date: Thu, 12 Nov 1998 18:58:54 -0500 From: Don Tuer <dtaadv () ionsys com> Subject: [none] Hello: I'm wondering if anyone has used Novell's BorderManger or has any experience with this product. I have a customer who is looking to replace their Blackhole firewall with BorderManger. From what I can see Blackhole provides generic proxies which are currently not available in BorderManger. Would this mean that they have to implement NAT to support applications which do not have a proxy? Thanks Don _________________________________________________________ DO YOU YAHOO!? Get your free @yahoo.com address at http://mail.yahoo.com
Current thread:
- Re:Bodermanager vs Blackhole firewall... sandeep kumar (Nov 29)