Hehe I want 6.2 [;)] Well I guess v7 is some months away and the generic proxy feature in 6.2 is something I have been wating for. After that i only hade 2 more thinks on my whishlist. 1: A true DNS Server (Not Caching only) 2: Baynesian Learning in SPAM protection.
I was under the impression that they where going to release it yesterday (19/3). But still no 6.2... im wating...
Astaro Blog:
[ QUOTE ] Just to make sure everybody saw the announcement today. We will release version 6.2 early next week, make sure you have your System Up2Date prefetch set to daily. If you aren't sure about that setting please visit WebAdmin :: System >> Up2Date.
6.2 will add those features that held BorderManager users back from migrating to ASG. With those new eDirectory features and the generic proxy the migration will be possible without any loss of functionality, better even, ASG has many additional features. A publicly accessible Wiki designed to support the community of BorderManager customers migrating to Astaro Security Gateway V6.2 is available at www.astaro.com/bmwiki.
[/ QUOTE ]
So next week should be available.
DNS server on a firewall? Not a good idea, a firewall is ment to secure your network, not provide a hole or service for hackers to exploit.
I don't think the generic proxy has antivirus support. Bayes training would be great as the spam rules haven't been updated since Christmas and more and more spam is getting scored lower. Copfilter for IPCOP firewall has that functionality. Would be nice to have!
Well I both agree and disagree.
I agree that you should keep the firewall as a firewall. Some examples there. Clavister Firewall, Cisco PIX.
This is not however the case of Astaro. It is a multifunction firewall.
Take a look at Borderware Firewall Server. It is classefied as EAL4+ on the entire system (Most other firewalls that have EAL4+ have it on some parts of the system). It has a DNS server and they still can keep ther EAL4+ security level. Thats good enought for me. [;)]
No but the generic proxy (Probably circular-level proxy like socks) is for me not an option for outbound FTP/HTTP traffic. There I use the HTTP-Proxy (Application proxy). But for other services. Like SSH, NTP and VPN traffic.
And specially for inbound connections to DMZ for example.
It provides greater security in general on the cost of speed and system resources. However thats not a problem for me.
Que? Was it so long ago? Hum I reinstalled my Firewall 5/3-06
So it says 5/3 on the up2date status but thats not true. I got a weak memory of one update in january? But I could be wrong.
But I don't have that problem now days. My bayers hax is now working like a charme. Catches almost all SPAM and those it don't the SURBL takes care of and teatches my baynesianDB. And no HAM is cought as SPAM [:)]
Borderware is running BSD not such crappy LINUX . Borderware is rock-solid but very monolitic, and very very very slow, and support went from "not so good" to "even worse" in the last few years. But for areas where you need the ELA4 Level, its rather good.
Generic Proxy: how to pump other services over the Squid-Proxy But normaly a generc Proxy won't make any Application-Level checking. How should he, if he dosn't know the application.
Thats true, FreeBSD 4.7 in the 7.x series.
Yepp it is rock-solid, How many security holes can you find in it? I am under the impression that the firewall it self has not been compromised.
Support well i can agree in some degree but I have not seen any other firewall company produce mutch better. They are a secret group of people and often they come and check it out remote and then 3 weeks later you get a patch [;)]
Okey they don't have a forum like this they got a knowledgebase. It is not however that good. Better than nothing thow..
Well that depends on the hardware I don't recall it as slow, but having said that. Securing your network with proxy protection will cost in preformance. No doubt there. But if you need as you say that level of protection it is worth the price. Hardware is cheep these days. [;)]
And if you have a larger company with a lot of connections to your webserver I would find it supprising if you dont buy a hardware that can handle many requests.
Take a Dual Xeon 3.06Ghz with 4GB Ram I think it would kick ass! and if you still have problems with preformance use a HALO config with 2-Firewall Servers. They use QoS to manage traffic between them.
Having no experiance of CyberGuard i guess it has the same problems with speed due to the security proxy in it.
No thats true but you still have the advance in not having a direct connection to the outside world. Or from the outside to your DMZ/SSN or whatever you call it. And if you have a advanced packetfilter to protect the proxy. It gives you a security boost. Some generic proxys have some security checking features to. Not nearly as mutch as a application proxy but often some.
PS: Well Crappy Linux [;)]
I would not cry big tears if Astaro would change SystemOS to BSD. I would LOVE a ASL based on OpenBSD and pf [:)]
DS
