Re: Best practices: Two nic's but have harware firewall

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

You're talking about 'Protocol Layer' filtering. Yes, I'm well aware of
WatchGuard facilities along these lines. WatchGuard both proxy and filter at
the 'Protocol Layer'.

ISA does 'Application Layer' filtering, though one process may be allowed to
make connections to a remote service (let's say port 25, SMTP) another
process will be blocked from doing so. (There is a common problem where JAVA
apps do not pass currently logged on user credentials to ISA, which blocks
the HTTP traffic. It is easily remedied but lowers ISA security)

If your 'device' cannot distinguish between processes it is inferior to ISA
in combination with the ISA client. Some firewall devices also support a
'client application' which allows 'Application Layer' filtering, such
devices, and the licensing of them, normally cost more than ISA,
particularly ISA on SBS.

C'mon Leythos. You've been around long enough and must recognise me. Don't
point me to someone's base site URL. I'm pretty much insulted you thought it
worthwhile.

"Leythos" <void@xxxxxxxxxxx> wrote in message
news:dnWMf.138435$Q11.59796@xxxxxxxxxxxxxxxxxxxxxxxxx
In article <uCPuAFCPGHA.740@xxxxxxxxxxxxxxxxxxxx>, not@xxxxxxxxxxx
says...
I am not aware of any application layer filtering in WatchGuard products.
This may be a failing on my part. I would welcome a link to any
references
to such.

They provide SMTP and HTTP Proxy services built into it - they also
allow user enumeration with Windows. They have the ability to filter
content out of sessions while still allowing the approved content...

You can read more about them at www.watchguard.com - don't look at the
low end units, start with the X-700 and higher.

--

spam999free@xxxxxxxxxx
remove 999 in order to email me


.

Relevant Pages

  • Re: GFI Download Security for ISA Server as Spyware Blocker?
    ... but I should point out that there is apparently a bug in ISA ... 2004's content filtering that affects ASP pages. ... Also, bear in mind that MIME types take precidence over file extensions, so ...
    (microsoft.public.isaserver)
  • Re: GFI Download Security for ISA Server as Spyware Blocker?
    ... but I should point out that there is apparently a bug in ISA ... 2004's content filtering that affects ASP pages. ... Also, bear in mind that MIME types take precidence over file extensions, so ...
    (microsoft.public.isa)
  • Re: Have Autodetect Proxy for just HTTPs:
    ... RAM on the ISA and is configured based on the settings in the MMC GUI. ... Usually the filtering device goes inline on the outside of the ISA. ... However the viruses and such are not found in the outbound ... just the HTTPS protocol. ...
    (microsoft.public.isa)
  • RE: ISA as a proxy
    ... It can function as a transparent proxy, so you don't need to setup your ... forward to a privoxy server for ad filtering (I'm sure there are ways to do ... I put the ad filter in front of ISA because I wanted to kill that crap ... I use it via a VPN link from a remote office when I need to ...
    (Focus-Microsoft)
  • Re: Suche Hardware Firewall
    ... bei ISA Server ist das ne ganze Menge umfangreicher mit Reverse Proxy, ... Filtering usw. ...
    (microsoft.public.de.german.isaserver)