[4884] in WWW Security List Archive


RE: Packet Filters or Proxy Firewalls?

daemon@ATHENA.MIT.EDU (Chris Susi)
Mon Mar 24 14:15:56 1997

From: Chris Susi <chris@bugfree.com>
To: "'Simon Yeo'" <syeo@cs.stanford.edu>
Cc: "'www-security@ns2.Rutgers.EDU'" <www-security@ns2.rutgers.edu>
Date: Mon, 24 Mar 1997 09:26:24 -0600
Errors-To: owner-www-security@ns2.rutgers.edu

I had come across this recently for a client and we were going to
install MS Proxy Server. In fact we did install it, and it blew up our
Exchange Internet Mail Connector.  Then we were informed by Microsoft
that Proxy Server and Internet Mail (non)Connector is a known bug.  

Funny, you'd think they'd have tested that type of software interaction
before they shipped it. Being their own software, and both dealing with
the Internet and all..

Only benefit we saw in Proxy Server was that we didn't need to install
TCP/IP throughout their network (MS Proxy supports IPX to access any IP
based service except for Web-based services) and for those machines we
could use the private network address space (discussed in RFC 1596 I
believe).  

On the other hand, since it had to sit on the web server and exchange
server (which was another goofy thing about it, you had to have Exchange
and IIS running on your Proxy server, although Proxy and IMC didn't
work), and because it so completely hosed the configurations, we
decided it was quicker to Fdisk and start from scratch.  

We ended up going with a router based solution.  While it didn't give all
of the advantages of a proxy server....it had the single big advantage
that....it worked.

Chris

>-----Original Message-----
>From:	Simon Yeo [SMTP:syeo@cs.stanford.edu]
>Sent:	Tuesday, March 18, 1997 10:48 PM
>To:	www-security@ns2.Rutgers.EDU
>Subject:	Packet Filters or Proxy Firewalls? 
>
>
>
>Hello,
>
>We're looking to set up an interior firewall for our internet network
>mainly consisting of NT machines.  We already have an exterior firewall
>set up, and will put our web, mail, and dns servers in the perimeter zone
>(between the two firewalls). 
>
>I have had some experience with packet filtering routers (CISCO), so I'm
>inclined to purchase a similar router for the firewall.  Before I do that,
>I need some opinions on why I should choose a proxy firewall instead of a
>simple packet filtering router, and vice versa.   Things to consider are:
>
>1) Cost
>2) Performance
>3) Management cost (maintenance)
>4) Level of security
>5) etc.
>
>Thanks in advance,
>
>----
>Eclipse Technical Group
>Sr. IS Specialist
>Simon Yeo
>
>
>
