Hello:
I need some advice. I am a newbie so please bear with me.
Our current firewall setup looks like this:
Untrusted----gauntlet4.2(BSDi)----trusted LAN
| | |
| | |
externalwebsite service network
Hope this is not confusing. We have customers from untrusted network
access a web site inside the service network through the external
website. We have a "plug" on the gauntlet4.2 that checks the source IP
and if IP matches external website then access is granted to enter the
service network. This works fine.
The problem is that Gauntlet 4.2 running on BSDi does not have a proxy
for Oracle SQL*Net. So we decided to test Gauntlet 3.0 running on NT
which has that capability. But unfortunately it does not support the
plug mentioned above (that's what I was told). So we are implementing
the following "kludgy" architecture:
Untrusted----gauntlet4.2(BSDi)---------trusted LAN
| | | |
| | | |
externalwebsite service network-----gauntlet3.0(NT)
As you can see we added another firewall to satisfy our Oracle SQL*Net
proxy requirement.
I am not very comfortable with this architecture. Two firewalls to
support two requirements? So, I am reevaluating our firewall situation
and I have some questions.
My questions are:
1. What is the best firewall in the market right now that supports
application proxy (like gauntlet)? (I hope I don't start a war here).
2. Can someone name a source (web site) that compares (pros and cons) of
proxy, application proxy, stateful inspection, circuit relay, NAT, and
packet filter?
3. As you can see from my first question, we would like to stick
with a firewall that supports application proxy. Is this a good choice?
Any suggestions?
Any input would be greatly appreciated.
TIA.
Shoeb.