Firewall Wizards mailing list archives
Re: Gauntlet adaptive proxies
From: "Rodney van den Oever" <roever () nse simac nl>
Date: Mon, 9 Nov 1998 20:00:16 +0100
What do folks make of Gauntlet's adaptive proxies that got best of show at Networld+Interop? As I understand it the proxies can be configured to switch over to packet filtering after the intitial connection has been set up thus preserving a lot of the security while increasing the speed.Well, lets take the most basic (and most hated ? ;) example of FTP. Something I have often thought of doing (and perhaps they do) is to have your FTP proxy work as per FWTK but when it sees a PORT/PASV command, it sets up the right filter rule(s) to allow direct throughput. In a similar fashion, you might have your HTTP proxy look at what would be the HEAD of the HTTP conversation and examine that as necessary before setting up rules to allow the rest of the data to flow without going through the proxy.
Isn't this exactly what CheckPoint's Security Servers do? They intercept the packet, examine the data, then allow the packets right through. -- Rodney van den Oever / 0x06 3547CA1 / PGP Key ID 0x0A6CCE53 'It's not who you kill. It's what type of cereal you eat out of their skull.' - Cal Jones
Current thread:
- Re: Gauntlet adaptive proxies Dale Lancaster (Nov 08)
- Re: Gauntlet adaptive proxies Joseph S D Yao (Nov 09)
- <Possible follow-ups>
- RE: Gauntlet adaptive proxies ICMan (Nov 09)
- Re: Gauntlet adaptive proxies Rodney van den Oever (Nov 09)
- Re: Gauntlet adaptive proxies Darren Reed (Nov 09)
- Re: Gauntlet adaptive proxies Kevin Steves (Nov 11)
- Re: Gauntlet adaptive proxies Darren Reed (Nov 12)
- Re: Gauntlet adaptive proxies Kevin Steves (Nov 12)
- Re: Gauntlet adaptive proxies Darren Reed (Nov 09)
- Re: Gauntlet adaptive proxies Joseph S D Yao (Nov 09)
- Re: Gauntlet adaptive proxies carson (Nov 10)