[isapros] Re: OT: Checkpoint HTTPS Termination
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isapros@xxxxxxxxxxxxx>
- Date: Thu, 24 Aug 2006 19:30:32 -0500
Not impossible at all. I've been heads down in the lic'ing fees
Netscreen, Blue Coat and Cisco charge, and all I can say is "one is born
every minute" to go with one of those solutions if the ISA firewall
provides the customer's required functionality, and at a fraction of the
price.
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Greg Mulholland
> Sent: Thursday, August 24, 2006 7:24 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: OT: Checkpoint HTTPS Termination
>
> jeepers! and i thought saving one of my clients 7.5k for 700
> users with a
> customised ASP solution instead of GFI archiving was
> impressive, but 50k
> thats unpossible.
>
> Greg
>
> ----- Original Message -----
> From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
> To: <isapros@xxxxxxxxxxxxx>
> Sent: Friday, August 25, 2006 10:17 AM
> Subject: [isapros] Re: OT: Checkpoint HTTPS Termination
>
>
> > Hey, it's only $50,000 for 500 users. How can you call
> that "gouging?" :\
> >
> > ISA, here we come.
> >
> > t
> >
> >
> > On 8/24/06 4:45 PM, "Thomas W Shinder"
> <tshinder@xxxxxxxxxxx> spoketh to
> > all:
> >
> >> Tim,
> >>
> >> Reviewing my compete doc, you can have SSL termination and
> initiation if
> >> you introduce Connectra. CP is famous for gouging the poor
> sap customer
> >> is additional lic'ing fees for every basic application
> layer inspection.
> >> In order to get some Web proxy capabilities, you need to
> license their
> >> "Web Intelligence" product.
> >>
> >> If you find out more info on this, I'm all ears.
> >>
> >> Thomas W Shinder, M.D.
> >> Site: www.isaserver.org
> >> Blog: http://blogs.isaserver.org/shinder/
> >> Book: http://tinyurl.com/3xqb7
> >> MVP -- ISA Firewalls
> >>
> >>
> >>
> >>> -----Original Message-----
> >>> From: isapros-bounce@xxxxxxxxxxxxx
> >>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor
> >>> (Hammer of God)
> >>> Sent: Thursday, August 24, 2006 6:09 PM
> >>> To: isapros@xxxxxxxxxxxxx
> >>> Subject: [isapros] OT: Checkpoint HTTPS Termination
> >>>
> >>>
> >>> Pardon the OT, but I've got a customer using Checkpoint who
> >>> has retained me
> >>> to audit/oversee the deployment of a new application in the DMZ.
> >>>
> >>> Based on what I do all the time with ISA, the client and I
> >>> both assumed that
> >>> the Checkpoint box could do HTTPS termination in order to perform
> >>> protocol-level HTTP filtering. We also assumed that the
> >>> checkpoint box
> >>> could then forward HTTP to the DMZ for IDS/NetMon logging.
> >>>
> >>> It seems, however, that the Checkpoint firewall admin
> cannot confim
> >>> Checkpoint's capability to perform this function. Given all
> >>> the hubbub
> >>> about Checkpoint, its seems that it's odd that ISA can
> >>> perform a function so
> >>> well that Checkpoint does not even support.
> >>>
> >>> Can anyone out there confirm this? This could be a great
> >>> opportunity for me
> >>> to officially introduce ISA into the company (which I would
> >>> love) but I want
> >>> to make sure I'm doing the best job for the client before I
> >>> just spend the
> >>> money (or request that they spend the money) if this is
> something that
> >>> Checkpoint can do.
> >>>
> >>> The goal is to terminate HTTPS at the Checkpoint box, perform
> >>> app level
> >>> filtering (like ISA's HTTP filter), then forward the HTTP
> traffic to a
> >>> single segmented DMZ network so that the IDS/NetMon boxes
> can log the
> >>> traffic via the switch/Nokia monitor ports.
> >>>
> >>> Thanks. Oh, any specific references would be great so that I
> >>> can share them
> >>> with the client.
> >>>
> >>> t
> >>>
> >>>
> >>>
> >>>
> >>>
> >>
> >>
> >>
> >
> >
> >
> >
>
>
>
>
Other related posts:
