> > Frank wrote:
> > > I used packet filtering gateways often at a previous company and
> > > know their capabilities rather well.
> > Maybe Frank you ought to take a new look at packet screens. What you
> > may have used at a previous company is not what is available today. A
> > packet screen of old is not the same as a stateful packet screen of new.
> > They are two very different technologies.
> > Stateful Packet Screens can provide the functionality of application
> > relays with better scalability and better security.
> Quite frankly, there are many of us that prefer packet filtering.
> Application gateways can sometimes be rather ugly. :-)
?! I seriously doubt you know what you're talking about when making such a
1) 'many' - please don't make those kinds of comments, in my global
neighborhood I happen to meet many people who think the same way as I do,
2) a lot of cases benefit greatly when filter and proxy is combined, which is
the case on most real fw's I've seen until now.
Proxy in the sense of having SOCKS proxies. I have no idea why someone would
want plain single application proxies. Flame me, oh well.
--___ ____ __
| _ \/ __/| \ Christian Kuhtz <chk @
com> "And dsmit hailed:
| _/\__ \| \ \ Pencom Systems Administration Services We shall smit thou
|_| /___/|_|__\ for IBM Government Services, Boulder, CO forever!"