jeepers! and i thought saving one of my clients 7.5k for 700 users with a
customised ASP solution instead of GFI archiving was impressive, but 50k
thats unpossible.
Greg
Hey, it's only $50,000 for 500 users. How can you call that "gouging?" :\
ISA, here we come.
t
On 8/24/06 4:45 PM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to all:
Tim,
Reviewing my compete doc, you can have SSL termination and initiation if you introduce Connectra. CP is famous for gouging the poor sap customer is additional lic'ing fees for every basic application layer inspection. In order to get some Web proxy capabilities, you need to license their "Web Intelligence" product.
If you find out more info on this, I'm all ears.
Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls
-----Original Message----- From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) Sent: Thursday, August 24, 2006 6:09 PM To: isapros@xxxxxxxxxxxxx Subject: [isapros] OT: Checkpoint HTTPS Termination
Pardon the OT, but I've got a customer using Checkpoint who has retained me to audit/oversee the deployment of a new application in the DMZ.
Based on what I do all the time with ISA, the client and I both assumed that the Checkpoint box could do HTTPS termination in order to perform protocol-level HTTP filtering. We also assumed that the checkpoint box could then forward HTTP to the DMZ for IDS/NetMon logging.
It seems, however, that the Checkpoint firewall admin cannot confim Checkpoint's capability to perform this function. Given all the hubbub about Checkpoint, its seems that it's odd that ISA can perform a function so well that Checkpoint does not even support.
Can anyone out there confirm this? This could be a great opportunity for me to officially introduce ISA into the company (which I would love) but I want to make sure I'm doing the best job for the client before I just spend the money (or request that they spend the money) if this is something that Checkpoint can do.
The goal is to terminate HTTPS at the Checkpoint box, perform app level filtering (like ISA's HTTP filter), then forward the HTTP traffic to a single segmented DMZ network so that the IDS/NetMon boxes can log the traffic via the switch/Nokia monitor ports.
Thanks. Oh, any specific references would be great so that I can share them with the client.
t