I had asked this same question a while back for a couple of public facing IIS web servers. I looked at a product from Barracuda Networks that looks like a very powerful Web Application Firewall at a very good price. I currently use the Spam Firewall and Web Filter from Barracuda Networks and very happy with the products and support.
I haven't implemented anything yet but once we get closer to needing something I will probably take another look. http://www.barracudanetworks.com/ns/products/web-site-firewall-overview.php John Scott Moore <[email protected]> Sent by: Mailing list for discussion of Firewall-1 <[email protected]> 07/16/2009 04:13 PM Please respond to Mailing list for discussion of Firewall-1 <[email protected]> To [email protected] cc Subject Re: [FW-1] Checkpoint and Reverse Proxies Yes, I'm well aware the best approach is to use ISA to perform this work. I have done this through ISA and would prefer to do it that way, however the particular solution I am putting in place does not have ISA as part of it's target architecture. I'm trying to figure out whether there is a way this can be done without ISA as part of the picture in a secure fashion. -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Cassell, Damon Z. Sent: Thursday, July 16, 2009 3:49 PM To: [email protected] Subject: Re: [FW-1] Checkpoint and Reverse Proxies I know this is a Check Point list and I don't want to go too far off-topic here, but I have to ask... If reverse proxy with SSL decryption is your requirement, is there a specific reason you're not going to use Microsoft ISA/Forefront for this? It's designed specifically for all of these tasks, it's actually reasonably affordable and it works well enough. This topic comes up periodically in Check Point discussions. They don't do what ISA does. If you want an SSL VPN, they'll sell you a Connectra, but that's not the same thing. Damon -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Scott Moore Sent: Thursday, July 16, 2009 3:16 PM To: [email protected] Subject: [FW-1] Checkpoint and Reverse Proxies I'm looking for guidance on how a reverse proxy can best be implemented through Checkpoint. I will be publishing the following things. 1. Exchange traffic a. OWA b. Autodiscover / RPC over HTTPS c. ActiveSync 2. OCS Reverse Proxy Does anyone have experience doing this and any pointers? Thanks, Scott Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ------------------------ The information contained in this email and any attachments may contain confidential, proprietary, business sensitive, privileged or controlled information. If you are not the intended recipient, any disclosure, dissemination, distribution, duplication or other unauthorized use of the information contained in this email or any attachment is strictly prohibited. Unauthorized interception of this e-mail is a violation of law. If you are not the intended recipient, please notify the sender by reply email and immediately and permanently delete this mail and any attachments and any copies of them. Technical data and/or information provided in this email or any attachment may be subject to U.S. export control laws. Export, re-export, diversion or disclosure contrary to U.S. law is prohibited. It is your responsibility to check this email and any attachments for viruses or other harmful code before opening or forwarding. ------------------------ ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
