Firewalls: RE: transparent AG

Firewalls
(July 1996)

Indexed By Thread: [Previous] [Next]

Subject:	RE: transparent AG
From:	Dale Lancaster <dlancaster @ raptor . com>
Date:	Tue, 30 Jul 1996 12:44:08 -0500
To:	Alan_AMBERS @ CO . FREDERICK . MD . US (Alan AMBERS)
Cc:	firewalls @ GreatCircle . COM

At 01:52 PM 7/25/96 +0500, Alan AMBERS wrote:
>> You setup the default route on the network to be the internal interface
>> of the firewall.  The firewall reads every packet that comes in.  If the
>> destination is a external ip and the protocol is proxied it then checks
>> against it's permission tables.  If the service is allowed from the
>> source IP then it proxies the packet through.
>> Interestingly in early testing of the Eagle NT product we had problems
>> with the proxy settings in Netscape working through the Firewall.  We
>> called and were told that they were having problems and the thing to do
>> was set Netscape to no proxies and make sure that the default route on
>> the machine was the internal interface on the Firewall.  It worked, not
>> much more to it.
>>
>I am also a user of Raptor (on HP-UX).  The sofwtware is "transparent"
>providing you point the http: proxy on your browswer to your firewall
>(internal interface).  On the unix side, I have had no problem at all with
>the proxy, but there would be the *initial* setup on every machine. After
>that, it is transparent to the user which is different than the
>"transparent" mode which does not use a proxy, but still does NAT.
>
As mentioned in the aboved mail message, you do not *need* to put an entry
in your client brower proxy field.  If your client has a "default route" to
the internal interface of the firewall, the Raptor firewall will (if you
have configued it do so) transparently proxy the HTTP request through to the
actual destination.  To be clear, not only does your client have to have a
"default gateway", but if its default gateway is a router, that router must
have a way to route that packet to the firewall, either as a static route or
as a default route.  This is real useful since you don't have to train your
users to enter a proxy on the browser or have your computer support staff do
it for them.  However, it is also *o.k.* to put something in the HTTP proxy
field and the firewall will proxy the connection through.

regards,

dale
===============================================================================
	Dale Lancaster 		Web: www.raptor.com

	Raptor Systems		"The Eagle of Firewalls"
	dlancaster @
 raptor .
 com   	
	(214) 423-6212	  	Eagle - LanTimes "Best of Times" Honor - July 1996
===============================================================================

Indexed By Date	Previous:	Re: denying services at the router From: bobk @ manzanita (Bob Konigsberg)
Indexed By Date	Next:	Firewall Java blocking From: "James Croall" <jcroall @ smiley . mitre . org>
Indexed By Thread	Previous:	RE: transparent AG From: Alan_AMBERS @ CO . FREDERICK . MD . US (Alan AMBERS)
Indexed By Thread	Next:	Looking for Intra/Internet Recommendations for DNS Configuration From: "Jarmon, Don R" <drjarmon @ ingr . com>