Re: using raptor as a choke router

[HASSAN.KARIM () chase com]

> So what is the use of these products ?
> ... I mean, if it is a bad thing to
combine both then why should I buy something which I wont fully use ?  I am
confuzzed !

Mike...
There are several reasons...
1. Alot of companies with smaller budgets want the option of combining this
all-in-one product into a single machine. It goes into the whole "Total
cost of ownership" thing for your security.
2. There are also environments that have varying levels of risks and so an
all-in-one solution might not be as risky.
3. Another reason I could think of is to standardize on one product but
deploy that product in different ways. I.e. in one environment -- say
inter-departmental -- you might want to just use this machine as a packet
filter but in another env -- say business partner connections -- you might
deploy  the same product as an application gateway. This way only one
person or set of people have to know the product.
4. And it really comes down to marketability... i.e. If my customers are
asking for it... best idea or not or not.. I'm going to build it and sell
it. Its up to my customers to determine the best way to deploy it. Hey... I
might even make money off of selling my cosulting services to them to
develop a better way to implement the firewalls that I sold them.

-Hassan





mjd () interaxon gr on 02/23/99 05:54:54 AM

Please respond to mjd () interaxon gr

To:   "'Firewall-wizards'" <firewall-wizards () nfr net>
cc:    (bcc: Hassan Karim/CHASE)

Subject:  using raptor as a choke router




Hi all

I have been reading up on firewalls and from what i can see it is not
recommended to mix an internal choke router with a bastion host (aka
application proxy.. or whatever).  this i can understand no probs.

However, I then look at the market and see all these "boxed" firewall
products, which as I understand it, work as packet filters and proxys.  As
an example I can use Raptor.  So what is the use of these products ?

For example, if I have a network which I connect to the internet using a
router (as an aside does anybody have any warnings about using a motorola
6520?) and i want a dmz to put in my smtp relay and dns proxy plus a web
server is it wise to use something like Raptor to both act as the internal
choke router and proxy?  and if it aint .. like the books say, why the hell
do they sell such stuff which can do both?  I mean, if it is a bad thing to
combine both then why should I buy something which I wont fully use ?  I am
confuzzed !

now I know I mention Raptor but there are a plethora of similar boxed
products out there..

any sound opinion is much sought !

tia

mike

---------------------------------------------------------------------------
-
-------------------------------
Michael J. Dilworth

Interaxon Ltd.  Athens.  Greece.              Tel:      (+301) 6801013/4
                              Fax: (+301) 6801015
---------------------------------------------------------------------------
-
------------------------------