Firewalls: Re: Proxy vs. Stateful Inspection

Firewalls
(April 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Proxy vs. Stateful Inspection
From:	Darren Reed <avalon @ coombs . anu . edu . au>
Date:	Sat, 26 Apr 1997 17:07:40 +1000 (EST)
To:	dewaald @ sprynet . com (Dan DeWaal)
Cc:	Firewalls @ GreatCircle . COM
In-reply-to:	<199704241223 . FAA02454 @ m9 . sprynet . com> from "Dan DeWaal" at Apr 24, 97 07:22:28 am

In some mail from Dan DeWaal, sie said:
> 
> I'm looking for opinions on MLSI (Multi-Layer Stateful Inspection) vs. 
> application gateway firewall architecture.  We are in the process of
> selecting 
> an internal firewall and may have to choose between these technologies.

I've yet to see a product or hear of a product which does MLSI perfectly.
(Yes, what that means is that products which do it are `forced' to make a
 number of assumptions about things which can lead to the product not
 behaving as one woudl expect).

It is much easier to turn a application gateway into a transparent proxy
and have that work 100% than it is for MLSI to be 100% - IMHO.

I'd trust the application gateway before the MLSI.

Darren

References:

Proxy vs. Stateful Inspection
From: "Dan DeWaal" <dewaald @ sprynet . com>

Indexed By Date	Previous:	Re: your mail From: "Sameer R. Manek" <manek @ challenger . atc . fhda . edu>
Indexed By Date	Next:	Pay for Security Administrators From: pelicans @ mindspring . com (BeachCruiser)
Indexed By Thread	Previous:	Re: Proxy vs. Stateful Inspection From: Matt Wallace <mwallace @ netcom . com>
Indexed By Thread	Next:	Telnet (through Firewall) From: PAUL . SMITH @ arpstl-emh2 . army . mil