 
 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Firewall virus protection?
 Date:  Thu, 15 Nov 2007 10:58:22 -0600
If Fortigate is like other AV on the firewall products I have seen
before, it is rebranding online AV services from vendors like McAfee or
Symantec. This is what SonicWall did. If you had the AV from SonicWall
you had to install the online network version of McAfee.

If I remember correctly, SonicWall's web content filtering was/is a proxy
of some kind comparing site requests to a blacklist - if the blacklist
did not download properly (very common) the filter would block
**everything** until I downloaded a good list...

_________________________________ 
James W. McKeand 

-----Original Message-----
From: sai [mailto:sonicsai at gmail dot com] 
Sent: Wednesday, November 14, 2007 11:08 PM
To: Joe Lagreca
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Firewall virus protection?

It has to have a proxy for each protocol. So if you are receiving
email the Fortigate would need a POP proxy, download the whole email,
inspect it and any attachments then send it onto the user.
It increases the complexity of the machine (so you might get bugs
bringing down your firewall), vastly increases the attack surface
(m0n0 is essentially invisible to the outside attacker in many cases)
and so reduces the security of the firewall. Sure you should inspect
traffic before it gets to the user, but it should be done on
another machine, in this case I would want the email to be inspected
by the mail server.

Unfortunately this is what the future looks like because users like
having a machine that does everything.

sai


On Nov 15, 2007 9:52 AM, Joe Lagreca <joe at bignetonline dot com> wrote:
> A customer of mine recently replaced their m0n0wall with a Fortigate
> firewall because of two "benefits" of the Fortigate.  First they liked
> the content filtering Fortigate offered.  They also liked the firewall
> virus protection.
>
> I'm a little unclear on exactly how a firewall does virus protection?
> I'm sure it's not smart enough to inspect all packets.  Especially if
> they are encrypted point to point, like Skype file transfer.  Can
> anyone explain how firewall virus protection is better than what
> m0n0wall offers?
>
> Thanks.
>
> --
> Joe LaGreca
> Founder & Owner, BIGnet Online
> 619-393-1733 Office
> 619-318-3246 Cell
> www.BIGnetOnline.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>
