In some mail from Dan DeWaal, sie said:
> I'm looking for opinions on MLSI (Multi-Layer Stateful Inspection) vs.
> application gateway firewall architecture. We are in the process of
> an internal firewall and may have to choose between these technologies.
I've yet to see a product or hear of a product which does MLSI perfectly.
(Yes, what that means is that products which do it are `forced' to make a
number of assumptions about things which can lead to the product not
behaving as one woudl expect).
It is much easier to turn a application gateway into a transparent proxy
and have that work 100% than it is for MLSI to be 100% - IMHO.
I'd trust the application gateway before the MLSI.