Not impossible at all. I've been heads down in the lic'ing fees Netscreen, Blue Coat and Cisco charge, and all I can say is "one is born every minute" to go with one of those solutions if the ISA firewall provides the customer's required functionality, and at a fraction of the price. Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Greg Mulholland > Sent: Thursday, August 24, 2006 7:24 PM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: OT: Checkpoint HTTPS Termination > > jeepers! and i thought saving one of my clients 7.5k for 700 > users with a > customised ASP solution instead of GFI archiving was > impressive, but 50k > thats unpossible. > > Greg > > ----- Original Message ----- > From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx> > To: <isapros@xxxxxxxxxxxxx> > Sent: Friday, August 25, 2006 10:17 AM > Subject: [isapros] Re: OT: Checkpoint HTTPS Termination > > > > Hey, it's only $50,000 for 500 users. How can you call > that "gouging?" :\ > > > > ISA, here we come. > > > > t > > > > > > On 8/24/06 4:45 PM, "Thomas W Shinder" > <tshinder@xxxxxxxxxxx> spoketh to > > all: > > > >> Tim, > >> > >> Reviewing my compete doc, you can have SSL termination and > initiation if > >> you introduce Connectra. CP is famous for gouging the poor > sap customer > >> is additional lic'ing fees for every basic application > layer inspection. > >> In order to get some Web proxy capabilities, you need to > license their > >> "Web Intelligence" product. > >> > >> If you find out more info on this, I'm all ears. > >> > >> Thomas W Shinder, M.D. > >> Site: www.isaserver.org > >> Blog: http://blogs.isaserver.org/shinder/ > >> Book: http://tinyurl.com/3xqb7 > >> MVP -- ISA Firewalls > >> > >> > >> > >>> -----Original Message----- > >>> From: isapros-bounce@xxxxxxxxxxxxx > >>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor > >>> (Hammer of God) > >>> Sent: Thursday, August 24, 2006 6:09 PM > >>> To: isapros@xxxxxxxxxxxxx > >>> Subject: [isapros] OT: Checkpoint HTTPS Termination > >>> > >>> > >>> Pardon the OT, but I've got a customer using Checkpoint who > >>> has retained me > >>> to audit/oversee the deployment of a new application in the DMZ. > >>> > >>> Based on what I do all the time with ISA, the client and I > >>> both assumed that > >>> the Checkpoint box could do HTTPS termination in order to perform > >>> protocol-level HTTP filtering. We also assumed that the > >>> checkpoint box > >>> could then forward HTTP to the DMZ for IDS/NetMon logging. > >>> > >>> It seems, however, that the Checkpoint firewall admin > cannot confim > >>> Checkpoint's capability to perform this function. Given all > >>> the hubbub > >>> about Checkpoint, its seems that it's odd that ISA can > >>> perform a function so > >>> well that Checkpoint does not even support. > >>> > >>> Can anyone out there confirm this? This could be a great > >>> opportunity for me > >>> to officially introduce ISA into the company (which I would > >>> love) but I want > >>> to make sure I'm doing the best job for the client before I > >>> just spend the > >>> money (or request that they spend the money) if this is > something that > >>> Checkpoint can do. > >>> > >>> The goal is to terminate HTTPS at the Checkpoint box, perform > >>> app level > >>> filtering (like ISA's HTTP filter), then forward the HTTP > traffic to a > >>> single segmented DMZ network so that the IDS/NetMon boxes > can log the > >>> traffic via the switch/Nokia monitor ports. > >>> > >>> Thanks. Oh, any specific references would be great so that I > >>> can share them > >>> with the client. > >>> > >>> t > >>> > >>> > >>> > >>> > >>> > >> > >> > >> > > > > > > > > > > > >