[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Firewall-1 and MS Proxy Configuration

To: Dean Cunningham <DeanC@wairc.govt.nz>
Subject: RE: [FW1] Firewall-1 and MS Proxy Configuration
From: sirving@ca.ibm.com
Date: Wed, 1 Sep 1999 11:00:26 -0400
Cc: 'Pranadjaja' <Prana@mii.metrodata.co.id>, "'fw-1-mailinglist@lists.us.checkpoint.com'" <fw-1-mailinglist@lists.us.checkpoint.com>




I would go with the following
internal ---------------------fw-1 ----------------------------router
-------------Internet
                                                 |
                                                 |
                                           Proxy

Sure this will mean a little more traffic for the firewall to handle when a page
isn't cached but it protects the proxy a little better and also gives
flexability of when and who has to use the proxy etc.


Dean Cunningham <DeanC@wairc.govt.nz> on 08/31/99 01:36:26 AM

Please respond to Dean Cunningham <DeanC@wairc.govt.nz>

To:   "'Pranadjaja'" <Prana@mii.metrodata.co.id>
cc:   "'fw-1-mailinglist@lists.us.checkpoint.com'"
      <fw-1-mailinglist@lists.us.checkpoint.com>
Subject:  RE: [FW1] Firewall-1 and MS Proxy Configuration






FWIW

I'd punt for this,
--------------Firewall-1---------------Router -----Internet
                         |
                      Proxy Server

This is your only option if you want to use firewall as your security
authority.
Set up the router to allow calls inititated from the proxy server out
but not the other way around.

Chris what hole has been blown in the firewall??

cheers
deanc


-----Original Message-----
From: Pranadjaja [mailto:Prana@mii.metrodata.co.id]
Sent: Tuesday, August 31, 1999 4:42 PM
To: 'Tim Mcmanus'; Pranadjaja
Cc: fw-1-mailinglist@lists.us.checkpoint.com
Subject: RE: [FW1] Firewall-1 and MS Proxy Configuration




>> We don't use NT domain. We want all users connecting to the internet to
be maintained in Firewall database. So, we use HTTP authentication
server of
Firewall-1. MS Proxy will be used only as caching proxy, not dealing
with
security matters.
>> So, authentication based on NT domain user account is not an option. Our
environment consists of UNIX and Windows 96/98 boxes.

So, once again, I want to ask which configuration should I use :

Internal Net
---------------Firewall-1----Router----Internet
    |
Proxy Server

or

--------------Firewall-1---------------Router -----Internet
                         |
                      Proxy Server

Someone has suggested to use configuration like this :

internal network
***************************************************
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
***************************************************


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================





================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Firewall log Switching Problem
Next by Date: [FW1] What license do I need to manage a BaySecure module?
Prev by thread: [FW1] Firewall log Switching Problem
Next by thread: RE: [FW1] Firewall-1 and MS Proxy Configuration
Index(es):
- Date
- Thread