Sorry their public documentation is pretty poor - at least what I found.
They have a claim of dynamic packet filtering. It is not clear whether
this product uses a shim driver that passes packet to a fw component for
comparison against a filter list (i.e.,if it the fw died would that
inherently stop the ability for the box to pass packets.) Also, if
IPFORWARDING in the kernel is disabled as the default I would guess that
all would be well with the exception that the box itself might not be
shielded from attacks - that should be where the a low level shim would be
reasonable.
I still would say the devil may be in the details. Any idea why this box
is not ICSA certified - after all it is MS and $$$ aren't exactly limited.
At 12:25 PM 9/29/00 +0300, you wrote:
>
>MS Proxy fails closed. If correctly configured it never routes packets - IP
>forwarding disabled on OS level. It's Proxy after all :-)
>BTW I'm not starting religious wars about Proxy based vs. Packet filtering
>Firewalls
>
>-----Original Message-----
>From: Tony Miedaner [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, September 28, 2000 23:11
>To: Carl T
>Cc: [EMAIL PROTECTED]
>Subject: Re: [FW1] Firewall
>
>
>
>Somewhat off topic but....
>
>IMHO, the devils in the details. Very basically, a well designed fw
>product should fail closed (passes nothing). I would suspect that MS Proxy
>would have the potential to fail open. Can anyone else comment on this?
>
>fw-1 at a minimum passes that test.
>
>At 12:39 PM 9/28/00 CDT, you wrote:
>>
>>Hello all,
>>
>>Excuse me if this not the right question to ask here.
>>I am new to Firewall/Proxy software.
>>My question is, can I use FW-1 with Ms Proxy 2.0?
>>We are using Ms Proxy right now, do we need FW-1 for a tighter security?
>>Or however it work?
>>
>>Can someone help?
>>
>>Thanks in advance
>>
>>Carl
>>_________________________________________________________________________
>>Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
>>
>>Share information about yourself, create your own public profile at
>>http://profiles.msn.com.
>>
>>
>>
>>===========================================================================
>=====
>> To unsubscribe from this mailing list, please see the instructions at
>> http://www.checkpoint.com/services/mailing.html
>>===========================================================================
>=====
>>
>>
>Tony Miedaner
>Network Security Engineer
>Network Engineering Unit
>Appliedtheory Inc.
>315-453-2912 x5863
>
>
>============================================================================
>====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>============================================================================
>====
>
>
>===========================================================================
=====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>===========================================================================
=====
>
>
Tony Miedaner
Network Security Engineer
Network Engineering Unit
Appliedtheory Inc.
315-453-2912 x5863
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
