Don't you love "hardware" firewall licensing. If you want to see a true folie a deux between a company and it's customers, check out Blue Coat. Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor > (Hammer of God) > Sent: Thursday, August 24, 2006 7:18 PM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: OT: Checkpoint HTTPS Termination > > Hey, it's only $50,000 for 500 users. How can you call that > "gouging?" :\ > > ISA, here we come. > > t > > > On 8/24/06 4:45 PM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> > spoketh to > all: > > > Tim, > > > > Reviewing my compete doc, you can have SSL termination and > initiation if > > you introduce Connectra. CP is famous for gouging the poor > sap customer > > is additional lic'ing fees for every basic application > layer inspection. > > In order to get some Web proxy capabilities, you need to > license their > > "Web Intelligence" product. > > > > If you find out more info on this, I'm all ears. > > > > Thomas W Shinder, M.D. > > Site: www.isaserver.org > > Blog: http://blogs.isaserver.org/shinder/ > > Book: http://tinyurl.com/3xqb7 > > MVP -- ISA Firewalls > > > > > > > >> -----Original Message----- > >> From: isapros-bounce@xxxxxxxxxxxxx > >> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor > >> (Hammer of God) > >> Sent: Thursday, August 24, 2006 6:09 PM > >> To: isapros@xxxxxxxxxxxxx > >> Subject: [isapros] OT: Checkpoint HTTPS Termination > >> > >> > >> Pardon the OT, but I've got a customer using Checkpoint who > >> has retained me > >> to audit/oversee the deployment of a new application in the DMZ. > >> > >> Based on what I do all the time with ISA, the client and I > >> both assumed that > >> the Checkpoint box could do HTTPS termination in order to perform > >> protocol-level HTTP filtering. We also assumed that the > >> checkpoint box > >> could then forward HTTP to the DMZ for IDS/NetMon logging. > >> > >> It seems, however, that the Checkpoint firewall admin cannot confim > >> Checkpoint's capability to perform this function. Given all > >> the hubbub > >> about Checkpoint, its seems that it's odd that ISA can > >> perform a function so > >> well that Checkpoint does not even support. > >> > >> Can anyone out there confirm this? This could be a great > >> opportunity for me > >> to officially introduce ISA into the company (which I would > >> love) but I want > >> to make sure I'm doing the best job for the client before I > >> just spend the > >> money (or request that they spend the money) if this is > something that > >> Checkpoint can do. > >> > >> The goal is to terminate HTTPS at the Checkpoint box, perform > >> app level > >> filtering (like ISA's HTTP filter), then forward the HTTP > traffic to a > >> single segmented DMZ network so that the IDS/NetMon boxes > can log the > >> traffic via the switch/Nokia monitor ports. > >> > >> Thanks. Oh, any specific references would be great so that I > >> can share them > >> with the client. > >> > >> t > >> > >> > >> > >> > >> > > > > > > > > > > >