[isapros] Re: OT: Checkpoint HTTPS Termination

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isapros@xxxxxxxxxxxxx>
  • Date: Thu, 24 Aug 2006 19:29:04 -0500

Don't you love "hardware" firewall licensing. If you want to see a true
folie a deux between a company and its customers, check out Blue Coat.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor 
> (Hammer of God)
> Sent: Thursday, August 24, 2006 7:18 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: OT: Checkpoint HTTPS Termination
> 
> Hey, it's only $50,000 for 500 users.  How can you call that 
> "gouging?" :\
> 
> ISA, here we come.
> 
> t
> 
> 
> On 8/24/06 4:45 PM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to all:
> 
> > Tim,
> > 
> > Reviewing my compete doc, you can have SSL termination and initiation if
> > you introduce Connectra. CP is famous for gouging the poor sap customer
> > in additional lic'ing fees for every basic application layer inspection.
> > In order to get some Web proxy capabilities, you need to license their
> > "Web Intelligence" product.
> > 
> > If you find out more info on this, I'm all ears.
> > 
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://blogs.isaserver.org/shinder/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> > 
> >  
> > 
> >> -----Original Message-----
> >> From: isapros-bounce@xxxxxxxxxxxxx
> >> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor
> >> (Hammer of God)
> >> Sent: Thursday, August 24, 2006 6:09 PM
> >> To: isapros@xxxxxxxxxxxxx
> >> Subject: [isapros] OT: Checkpoint HTTPS Termination
> >> 
> >> 
> >> Pardon the OT, but I've got a customer using Checkpoint who
> >> has retained me
> >> to audit/oversee the deployment of a new application in the DMZ.
> >> 
> >> Based on what I do all the time with ISA, the client and I
> >> both assumed that
> >> the Checkpoint box could do HTTPS termination in order to perform
> >> protocol-level HTTP filtering.  We also assumed that the
> >> checkpoint box
> >> could then forward HTTP to the DMZ for IDS/NetMon logging.
> >> 
> >> It seems, however, that the Checkpoint firewall admin cannot confirm
> >> Checkpoint's capability to perform this function.  Given all
> >> the hubbub
> >> about Checkpoint, it seems that it's odd that ISA can
> >> perform a function so
> >> well that Checkpoint does not even support.
> >> 
> >> Can anyone out there confirm this?  This could be a great
> >> opportunity for me
> >> to officially introduce ISA into the company (which I would
> >> love) but I want
> >> to make sure I'm doing the best job for the client before I
> >> just spend the
> >> money (or request that they spend the money) if this is something that
> >> Checkpoint can do.
> >> 
> >> The goal is to terminate HTTPS at the Checkpoint box, perform
> >> app level
> >> filtering (like ISA's HTTP filter), then forward the HTTP traffic to a
> >> single segmented DMZ network so that the IDS/NetMon boxes can log the
> >> traffic via the switch/Nokia monitor ports.
> >> 
> >> Thanks.  Oh, any specific references would be great so that I
> >> can share them
> >> with the client.
> >> 
> >> t