[c-nsp] What does SSL VPN Devices offer?

Chris Moore chris.moore at gmd.com
Mon Feb 20 11:05:12 EST 2006


>So its confusing, i also see alot of stuff done on one box (IDS,
AntiVirii,
>AntiSPam, Firewall, NAT..) so do they really perform with all these
stuff
>there and enabled at wire speed as claimed, its alot to be done on a
packet
>if you ask me.

Not really. What I mean is that processing power has become such that if
you're looking at all seven layers anyway you might as well match to
everything (virus, spam, IDS, etc.). It just means a bigger
pattern-matching list.

We use Juniper Netscreen Firewalls that do all this stuff - except
anti-spam. We use a separate appliance for that. But they do IDS deep
packet inspection w/ basic anti-virus, full firewalling including NAT as
well as integrating with WebSense for outbound HTTP logging and blocking
kinda like a proxy does. All works quite well. They're not cheap and
certainly pack a lot of HP, but they do work.

Chris

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Joost greene
Sent: Monday, February 20, 2006 2:49 AM
To: sin
Cc: Asbjorn Hojmark - Lists; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] What does SSL VPN Devices offer?

Thanks for all who replied, i understand the major difference now.

there are a dozen of other products on the top of my head: Cisco ASA,
Fortinet, Juniper boxes (Netscreen, SSG), Cisco routers with CBAC....

So its confusing, i also see alot of stuff done on one box (IDS,
AntiVirii,
AntiSPam, Firewall, NAT..) so do they really perform with all these
stuff
there and enabled at wire speed as claimed, its alot to be done on a
packet
if you ask me.




**********************************************************************
Confidential/Proprietary Note

The information in this email is confidential and may be legally privileged.  Access to this email by anyone other than the intended addressee is unauthorized.  If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful.  If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system.  Thank you.
Guardian Mtg Documents, Inc.
225 Union Boulevard, Suite 200
Lakewood, CO 80228.
**********************************************************************



More information about the cisco-nsp mailing list