For what it's worth, ICA uses a single TCP port, so it should be very easy to
add support under Gauntlet or other proxy based firewalls using a plug-proxy.
Many firewall vendors (NAI included) list a whole bunch of "supported"
applications that they proxy, but in reality these are just preconfigured
plug-proxies, with no real application awareness. IMHO, these vendors
should distinguish when the proxy is doing real application filtering (i.e.,
http-gw on Gauntlet) versus just plugging the port.
=========
On Mon, 24 May 1999 21:26:50 -0700, Jen <[EMAIL PROTECTED]> wrote:
>This is exactly the sort of issue that prevented us from buying
>Gauntlet. A secure firewall that doesn't let you do what you need to do
>to support your business doesn't do anyone any good. NAI doesn't seem
>to be any faster at adding new proxies than TIS was. The list of
>supported services
>(http://www.nai.com/products/security/prodserv/gauntlet/firewalls/configurations/unix/unix.asp#supported_services)
>doesn't look much longer than it was the last time I checked. The NT
>version is even worse.
>
>When we were looking into firewalls, one of the things we wanted support
>on was ICA. I see that NAI still hasn't added ICA support, even though
>many people use ICA. Many Application Service Providers (ASPs) are
>going to be using this or a similar product -- and they're going to want
>to use firewalls to protect their servers.
>
>Any Gauntlet users care to defend the product? I guess if all you use
>are the supported protocols, then it's a wonder. But if you need
>something different, you've got troubles.
>
>Jen
>
>Mike Batchelor wrote:
>>
>> You may wish to remind your application folks, that if they cannot get this
>> DCOM application to work behind their own firewall, then it's highly likely
>> that other visitors will have the same troubles behind *their* company
>> firewall.
>>
>> Or do they only care about visitors who dialup directly to an ISP? If so,
>> then some dialup lines would be appropriate for your application people to use
>> to test their DCOM application. That solves the immediate problem, and has
>> the added benefit that your application people won't overload the new web site
>> with useless graphics. :)
>>
>> DCOM is what Microsoft and Digital (before they became Compaq) were touting as
>> a competitor to CORBA and IIOP. Or something like that.
>>
>> > -----Original Message-----
>> > From: [EMAIL PROTECTED]
>> > [mailto:[EMAIL PROTECTED]]On Behalf Of Magowan, Richard M.
>> > (ITS)
>> > Sent: Friday, May 21, 1999 6:34 AM
>> > To: '[EMAIL PROTECTED]'
>> > Subject: DCOM on Gauntlet
>> >
>> >
>> > Hi Folks,
>> >
>> > One of my user departments is developing an application that uses facilities
>> > at a site www.claimcard.com <http://www.claimcard.com> . The application
>> > apparently uses DCOM. The application will not work through my Gauntlet
>> > firewall (which I can't play with, it's managed). Claimcard tells me I have
>> > to implement DCOM on gauntlet. I realize Gauntlet is a proxy style firewall
>> > and that DCOM may have to be proxied. Is DCOM related to Active X? Is there
>> > a DCOM proxy for Gauntlet?
>> > We ran some traces, first using a dial-up internet connection to the
>> > claimcard site which worked fine, then traced the activity through Gauntlet.
>> > The good trace shows an HTTP "GET" command with two fields
>> > "If-Modified-Since:" and "If-None-Match:" which are not present in the bad
>> > trace. I have no clue what all this means. The applications folks came to me
>> > and said "you have to change your firewall". Well, as you may guess this is
>> > not gonna happen. Can anyone out there give me some hints as to what might
>> > be going on and maybe some suggestions to pass along to my ISP to see if
>> > they can get this thing to work. Any comments are appreciated.
>> >
>> > Thanks.
>> > -
>> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
>> > "unsubscribe firewalls" in the body of the message.]
>> >
>> >
>>
>> -
>> [To unsubscribe, send mail to [EMAIL PROTECTED] with
>> "unsubscribe firewalls" in the body of the message.]
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
