Firewall Wizards mailing list archives
Re: Gauntlet adaptive proxies
From: Darren Reed <darrenr () reed wattle id au>
Date: Sun, 8 Nov 1998 21:30:24 +1100 (EST)
In some email I received from Chris Michael, sie wrote:
What do folks make of Gauntlet's adaptive proxies that got best of show at Networld+Interop? As I understand it the proxies can be configured to switch over to packet filtering after the intitial connection has been set up thus preserving a lot of the security while increasing the speed.
Well, lets take the most basic (and most hated ? ;) example of FTP. Something I have often thought of doing (and perhaps they do) is to have your FTP proxy work as per FWTK but when it sees a PORT/PASV command, it sets up the right filter rule(s) to allow direct throughput. In a similar fashion, you might have your HTTP proxy look at what would be the HEAD of the HTTP conversation and examine that as necessary before setting up rules to allow the rest of the data to flow without going through the proxy. It's one of those things I'd love to have had time to do but now perhaps someone else already has. Darren
Current thread:
- Uni Allan Whittaker (Nov 02)
- Re: Uni Gigi Sullivan (Nov 07)
- Gauntlet adaptive proxies Chris Michael (Nov 07)
- Re: Gauntlet adaptive proxies Darren Reed (Nov 08)
- Re: Gauntlet adaptive proxies Frederick M Avolio (Nov 10)
- Re: Gauntlet adaptive proxies David Bonn (Nov 10)
- <Possible follow-ups>
- Re: Uni Bob Acosta (Nov 07)