Hi
Yes I did (doh!)
Tim Higgins
"Volker Tanger"
<Volker.Tanger@glob To: [EMAIL PROTECTED]
alone.net> cc:
Subject: Re: [FW1] ms proxy server
26/05/00 14:29
Hi!
I guess you wanted to post this to the list?
Amd no, I do not have experiences with.
Bye
Volker
[EMAIL PROTECTED] wrote:
> Hi
>
> Has anyone had experience of the Novell Cache app (especially
pre-installed
> "appliance" on Dell server) and how well this operates with FW-1 ?
>
> TIA
>
> Tim Higgins
>
>
> "Volker Tanger"
> <[EMAIL PROTECTED]> To:
[EMAIL PROTECTED]
> Sent by: cc:
> [EMAIL PROTECTED] Subject:
Re: [FW1] ms proxy server
> kpoint.com
>
>
> 26/05/00 13:46
>
>
>
> Greetings!
>
> > one of my customers want me to install proxy server 2.0 on his fine
> working firewall.
> > they need to restrict access to the internet. only special users will
get
> the right to access sites on the internet. all other users will get
access
> only to the intranet page. all users are working on a terminal server. i
> know that i should use the security server with user authentication, but
> for this i have to build up a second userdatabase. so my customer decided
> to use ms proxy server because it is able to use the existing nt
> userdatabase.
> >
> > so, my question is: does it make sense to install proxy server on an
> existing (and well functioning)
>
> > firewall-1 4.0 machine? and what's about security after that
> installation?
>
> I'd highly recommend to install the MS proxy on a different (second)
> machine on the inside network for various reasons.
>
> 1.) MS Proxy is an application running on MS IIS - with all benefits
(NTLM
> auth) and
> (security) problems it implies. Especially you will have to install
> hotfixes more often (with IIS)
> and close to published exploits, whicht _might_ interfere with some
> FW-1 stuff
>
> 2.) Simplified rule: allow HTTP only if coming from the proxy. Thus less
> hassle with internal
> network organization in the rules.
>
> 3.) The separate proxy can be optimized for cacheing - faster web
response
> and less transfer (costs).
>
> 4.) The MS Proxy comes with socks and (kind of) packet filtering (socks
> proxy only?! )
> which _might_ severely interfere with the FW-1 packet filtering
> modules if installed
> on the same machine.
>
> 5.) If installing a separate internal server, you won't have any
additional
> downtime.
> Especially you will have to completely reinstall the FW-1 server due
to
> the strange
> IIS installation (proper way: NT4, SP3, IE4, OP, proxy, IE5, SP6a,
> Hotfixes) if you
> choose to install both systems on one machine.
>
> 6.) Depending on your installation you might be able to strip all
> authentication off the firewall
> thus freeing resources.
>
> In fact you wont't be able to add the proxy to the FW-1 server - instead
> you will (have to) install NT and the proxy from scratch, and add the
FW-1
> to the proxy later...
>
> Bye
> Volker
>
> (See attached file: volker.tanger.vcf)
>
> #**********************************************************************
> This message is intended solely for the use of the individual
> or organisation to whom it is addressed. It may contain
> privileged or confidential information. If you have received
> this message in error, please notify the originator immediately.
> If you are not the intended recipient, you should not use,
> copy, alter, or disclose the contents of this message. All
> information or opinions expressed in this message and/or
> any attachments are those of the author and are not
> necessarily those of Hughes Network Systems Limited,
> including its European subsidiaries and affiliates. Hughes
> Network Systems Limited, including its European
> subsidiaries and affiliates accepts no responsibility for loss
> or damage arising from its use, including damage from virus.
> #**********************************************************************
(See attached file: volker.tanger.vcf)
#**********************************************************************
This message is intended solely for the use of the individual
or organisation to whom it is addressed. It may contain
privileged or confidential information. If you have received
this message in error, please notify the originator immediately.
If you are not the intended recipient, you should not use,
copy, alter, or disclose the contents of this message. All
information or opinions expressed in this message and/or
any attachments are those of the author and are not
necessarily those of Hughes Network Systems Limited,
including its European subsidiaries and affiliates. Hughes
Network Systems Limited, including its European
subsidiaries and affiliates accepts no responsibility for loss
or damage arising from its use, including damage from virus.
#**********************************************************************
volker.tanger.vcf
