Re: Gauntlet adaptive proxies

[Darren Reed <darrenr () reed wattle id au>]

In some email I received from Chris Michael, sie wrote:
> What do folks make of Gauntlet's adaptive proxies that got best of show at
> Networld+Interop?  As I understand it the proxies can be configured to
> switch over to packet filtering after the intitial connection has been set
> up thus preserving a lot of the security while increasing the speed.  

Well, lets take the most basic (and most hated ? ;) example of FTP.
Something I have often thought of doing (and perhaps they do) is to
have your FTP proxy work as per FWTK but when it sees a PORT/PASV
command, it sets up the right filter rule(s) to allow direct throughput.

In a similar fashion, you might have your HTTP proxy look at what would
be the HEAD of the HTTP conversation and examine that as necessary before
setting up rules to allow the rest of the data to flow without going through
the proxy.

It's one of those things I'd love to have had time to do but now perhaps
someone else already has.

Darren