Leland -- I scanned your site and Watchguard's. Both look very interesting
and relevant to my needs.
We are in the early design phases of a super secure, rather high volume
(perhaps 1M hits/8 hr day) environment.
The transactions are quite simple. An incoming HTTPS query of about 150
bytes. The response from the secure service is also about 150 bytes long.
The HTTPS query will be handled by a farm of NT servers running IIS. We are
using ISAPI DLL's (which run under IIS) to handle the HTTPS request.
This is the ONLY type of traffic which will traverse the firewall. There
will be no need for PC's inside this secure network to browse or access the
Internet. The network will be ENTIRELY dedicated to these secure
transactions.
So what I need Firewall II to do is
a). Permit these HTTPS transactions.
b). Exclude all other port traffic.
c). Provide absolutely no access to the internal NT farm except via the
aforementioned HTTPS transactions.
d). Perhaps provide protection against denial of service attacks (if that's
possible with such a device).
e). Be certain that Firewall II can not be hacked or administered by
outside parties.
Are we on the right track with FireWall II? How do I provide system
redundancy -- with two units running in parallel?
TIA
Harry
(yet another Ph.D.! Mechanical Engineering)
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Leland V. Lammert
Sent: Thursday, July 22, 1999 9:07 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: OT: Hardware proxy?
At 02:47 PM 7/21/99 -0700, Harry Whitehouse wrote:
>
>Is there an industrial-strength proxy available commerically which only
>permits 443 traffic? I know I could get something like MS Proxy Server
>software and run it on an NT, but the stream of security patches I get from
>MS regarding NT isn't particularly calming to me -- suppose someone hacks my
>proxy NT?
>
>So is there something more basic -- perhaps a dedicated hardware device --
>which would do this job?
>
Harry,
It *sounds* like you are describing a 'network appliance firewall'. We sell and
have had excellent experience with the Firebox II, from WatchGuard
(www.watchguard.com). Moderate cost ($5K), stand-alone bright red box - no OS
troubles (though it is Linux based), no separate hardware, *really*
straightforward management from your admin console, realtime security updates
(daily).
Lee
============================================
Leland V. Lammert [EMAIL PROTECTED]
Chief Scientist Omnitec Corporation
Network/Internet Consultants www.omnitec.net
============================================
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
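Harry's requirements (a) through (e), written out as a default-deny packet-filter policy. This is an added example by the editor, not anything from the thread, from WatchGuard, or from the Firebox II's own configuration language; it is written for a modern Linux nftables firewall sitting between the Internet and the NT farm. The interface names (wan0, dmz0, mgmt0), the farm and admin addresses, the management port and the rate-limit thresholds are assumptions, not values from the thread.

```nft
#!/usr/sbin/nft -f
# Added example: default-deny policy for the environment Harry describes.
# Interface names, addresses and thresholds below are assumptions.
flush ruleset

define WAN   = "wan0"                                   # assumed: Internet-facing interface
define DMZ   = "dmz0"                                   # assumed: interface toward the IIS/NT farm
define MGMT  = "mgmt0"                                  # assumed: inside-only admin interface
define FARM  = { 192.0.2.10, 192.0.2.11, 192.0.2.12 }   # assumed farm addresses
define ADMIN = 10.0.0.0/24                              # assumed admin workstation subnet

table inet edge {
    # (d) Per-source rate limiting of new HTTPS connections. Entries are
    # created on the fly; a source exceeding the rate has further SYNs dropped.
    set https_flood {
        type ipv4_addr
        flags dynamic,timeout
        timeout 1m
        size 65535
    }

    # Traffic addressed to the firewall itself.
    chain input {
        type filter hook input priority filter; policy drop;
        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop
        # (e) Administration only from the admin subnet on the inside
        # interface; nothing arriving on the WAN can reach the management
        # service (assumed to be SSH on 22).
        iifname $MGMT ip saddr $ADMIN tcp dport 22 ct state new accept
        # Anything else, including probes of the firewall from the WAN,
        # falls through to the chain's drop policy.
    }

    # Traffic passing through the firewall to and from the farm.
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept   # farm replies ride on connection state
        ct state invalid drop
        # (d) Drop new HTTPS connections from any source over the per-source rate.
        iifname $WAN ip daddr $FARM tcp dport 443 ct state new \
            add @https_flood { ip saddr limit rate over 50/second burst 100 packets } drop
        # (a) The only permitted inbound transaction: HTTPS to the farm.
        iifname $WAN oifname $DMZ ip daddr $FARM tcp dport 443 ct state new accept
        # (b)/(c) No other port and no other path into the farm: policy drop.
    }

    # Traffic originated by the firewall itself.
    chain output {
        type filter hook output priority filter; policy drop;
        oifname "lo" accept
        ct state established,related accept
    }
}
```

Load it with `nft -f` and inspect with `nft list ruleset`; then, from a host on the WAN side, confirm that a TCP handshake to a farm address on 443 completes while 80, 135, 139 and any port on the firewall's own WAN address time out. The per-source threshold is a starting point only: Harry's 1M hits per 8-hour day is roughly 35 requests per second in aggregate, so 50 new connections per second from a single address is well above any one legitimate client but must be raised if many clients sit behind one NAT address. If the appliance fetches its own daily security updates, the output chain needs an explicit rule for that; nothing here provides the two-unit redundancy Harry asks about, which is a separate matter of failover and connection-state synchronisation between the units.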