Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] URL Filtering interactions with FW1

To: [email protected]
Subject: RE: [FW1] URL Filtering interactions with FW1
From: Dan Hubbard <[email protected]>
Date: Thu, 11 Jan 2001 07:19:30 -0800
Cc: [email protected]
Sender: [email protected]

The UFP is the protocol that the traffic is sent over from the Firewall to the
server. It is actually not the performance issue. The performance issue is
with
the HTTP security server. Thsi is the process that passes the UFP the traffic
originally.

However, in 4.1 SP3+ Checkpoint has something called UFP caching which
signifigantly reduces the amount of requests that go through the HTTP Security
Server (if they are cached then the "decisions" are made by inspect, thus
running in kernel space and not as a process like the HTTP security server).

Note: The UFP vendor MUST support this.

If you want additional information on this, let me know.



-----Original Message-----
From: Hartmann, Josef [mailto:[email protected]]
Sent: Thursday, January 11, 2001 12:49 AM
To: '[email protected]'
Subject: RE: [FW1] URL Filtering interactions with FW1



Hi,

FW-1 4.1 sp2 (?) supprts ufp fail over which means, if the UFP server goes
down HTTP traffic is allowed without any UFP cheching. However my experience
is that it does not fall back when the UFP server comes up again. Then I had
to reinstall the policy again.

Also, don't forget that UFP performs really poorly having a large amount of
users.


Cheers,

Josef

> -----Original Message-----
> From: Dean Landis II [SMTP:[email protected]]
> Sent: Wednesday, January 10, 2001 9:39 PM
> To: [email protected]
> Subject: [FW1] URL Filtering interactions with FW1
> 
> 
> Looking for how FW1 handles URL Filtering via a UFP server.
> 
> My most critical concern is what happens if the UFP become unreachable 
> (network down, server down etc) does FW1 continue to allow HTTP requests
> or 
> do they cease to pass? Does the UFP become a single point of failure or is
> 
> the 'fallback' to pass HTTP without filters?
> 
> Related, it would be nice to know if the FW1 and UFP are constantly 
> communicating or only when the URL filers change on the UFP or only during
> 
> HTTP requests?
> 
> Would appreciate any assistance on this.
> 
> Thx,
> Dean
> 
> Dean Landis II
> Landis.net
> 
> 
> 
> ==========================================================================
> ======
>      To unsubscribe from this mailing list, please see the instructions at
>               
<http://www.checkpoint.com/services/mailing.html>http://www.checkpoint.com/s
ervices/mailing.html
> ==========================================================================
> ======


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
              
<http://www.checkpoint.com/services/mailing.html>http://www.checkpoint.com/s
ervices/mailing.html
============================================================================
====


---------------------
Dan Hubbard
Websense Inc.
San Diego, CA


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] SDL setup question
Next by Date: [FW1] CPMAD
Previous by thread: RE: [FW1] URL Filtering interactions with FW1
Next by thread: [FW1] CheckPoint/Nokia Appliance HD Size?
Index(es):
- Date
- Thread