[AusNOG] Application Firewall Recommendations

Ed Hallett ed at teltech.net.au
Thu Aug 8 10:52:13 EST 2013


Hi,

VM’s are definitely the way to go – unfortunately, as stated in the reqs, the solution can’t be a VM since Telstra’s cloud doesn’t support nested hypervisors – the machines are already VM’s. Hence the reason why TMG was a good solution, and why VM’s / hardware is out of the question.

 

It’s interesting why MS decided to discontinue TMG – the general reports are that the network stack in 2012 is simply too large for Forefront to handle securely, although UAG doesn’t seem to have this problem and is based on TMG anyway. However UAG doesn’t outbound proxy and intrusion detection, nor layer-3 VPN / site-to-site VPN.

http://www.isaserver.org/articles-tutorials/general/Should-replace-TMG-firewalls-with-UAG.html

Interesting.

 

Kind regards to all, and those in Melbourne – Yes, walking pace has an interesting definition.

 

 

From: Burt Mascareigne [mailto:burt at prioritycomputer.com.au] 
Sent: Thursday, 8 August 2013 9:53 AM
To: Michael Andreas Schipp; Ed Hallett
Cc: ausnog at lists.ausnog.net
Subject: RE: Application Firewall Recommendations

 

Throwing my 0.02c  I like SOPHOS,  not a full WAF,  but,  it does so much more as well.  It’s WAF is nice and simple,  but,  IMHO,  F5 is better, but WAY more expensive.  

 

You can try SOPHOS for free,  as it’s a VM,  if you’re OK with that,  I personally like VMs,  being more scalable and a good DRS

 

 

 

 

Burt Mascareigne
Technician
Mob: 0414 450 962

 

 

Your Needs, Our Priority

 

From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Michael Andreas Schipp
Sent: Thursday, 8 August 2013 9:50 AM
To: Ed Hallett
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Application Firewall Recommendations

 

Hi Ed,

              If as others have say, you decide to look at WAF and reverse proxies, I would suggest you to look at the following vendors;

 

              A10 Networks

              Citrix

              F5

Imperva

Radware

 

Narrow it down to 2 or 3 and do a PoC (most If not all of us will be able to offer hardware appliances or VM’s)

 

I can help in getting anything you may need from the A10 (www.a10networks.com) side, just let me know.

 

Thank you,
 
Michael A Schipp
Regional SE Manager ANZ

A10 Networks

 

From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Ed Hallett
Sent: Tuesday, 6 August 2013 10:12 AM
To: ausnog at lists.ausnog.net
Subject: [AusNOG] Application Firewall Recommendations

 

Hi people,

 

Just a simple question, but with a not so simple answer.

 

We manage considerable clients with ‘cloud’ based servers within Telstra’s utility hosting.

We used to use TMG as a firewall / gateway / security for clients who requested these features,  but this is no longer possible.

 

I need recommendations on application based (non VM) firewalls which can be installed on server 08 / 12 and capable of the same feature set as TMG. Not as easy to find now..

 

So, I ask my esteemed peers for words of wisdom.

Well, words, anyway.

 

Kind regards,

Ed Hallett

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130808/8923514c/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 387 bytes
Desc: image001.png
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130808/8923514c/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 553 bytes
Desc: image002.png
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130808/8923514c/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 1026 bytes
Desc: image003.png
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130808/8923514c/attachment-0002.png>


More information about the AusNOG mailing list