Re: web application security products (AKA application firewalls)

> What is the group experience with these type of devices? Any good, bad
> or horror stories about using/maintaining them? Any specific
> recommendations?

We use them for our smaller clients with pure Internet client (i.e. no
Internet servers on the LAN) networks. For such simple networks they aren't
too bad and they are very easy to set up. They can also handle server
NATting but we rarely use them once a network starts providing Internet
server functions.

If you have a complicated network with things like multiple segments, or
subnetting, they can become awkward or impractical to use.

Things to watch out for:
- if VPN is a requirement, make sure you actually get it running and
  test it. Sometimes it's not so easy, or the device is actually just
  "VPN capable".
- be careful of the licensing, some devices have a per system license
  structure.
- many have a limited number of firewall rules that can be set up,
  be sure that you can actually implement the policy you want on the
  device that you are considering.
- if it's a plug-and-play firewall, turn that feature off or pick
  another device!

We have found that many companies that make these devices will provide
evaluation units to network security companies so that you can try them
out before recommending them to a client.

--
Dr. Everett (Skip) Carter Phone: 831-641-0645 FAX: 831-641-0647
Taygeta Scientific Inc. INTERNET: skip@taygeta.com
1340 Munras Ave., Suite 314 WWW: http://www.taygeta.com
Monterey, CA. 93940
Received on Sat Nov 23 03:42:13 2002