Stateful packet-filtering firewalls protect the enterprise at the network level, but application-level attacks can cross a stateful packet-filtering firewall easily. Application proxies, like the ones we tested, take perimeter security to a higher level by inspecting traffic at the application-protocol level. The proxies make decisions on the types of data and the commands allowed. Among the products we tested, we found good support across the board for common protocols such as HTTP and SMTP, but support for more complex protocols such as H.323 and Oracle's SQL*Net varied greatly. The price for this increased protection is performance. Even with gigabit interfaces, none of the firewalls came close to 200 Mbps.
Luckily, these firewalls offer both stateful packet filtering and application proxy support, so there's plenty of room for rule-based customization. Our Editor's Choice, Secure Computing's Sidewinder, squeaked out a win because of its protection features.
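To make the difference between the two inspection levels concrete, here is an added sketch (not code from any of the reviewed products) that runs one SMTP session past a stateful-filter check and past a proxy-style command check. The verb allowlist, function names and session bytes are assumptions constructed for the illustration.

```python
# Added illustration; the allowlist and SESSION bytes are constructed, not from the article.
ALLOWED_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}
MAX_LINE = 512  # RFC 5321 limit for a command line, CRLF included

def packet_filter_allows(dst_port, established):
    """Stateful filter view: port and connection state only, payload unseen."""
    return dst_port == 25 and established

def proxy_inspect(lines):
    """SMTP proxy view: one (verdict, reason) per client line."""
    verdicts, in_data = [], False
    for raw in lines:
        if in_data:
            # Body lines are not commands; a lone dot ends the message.
            in_data = raw != b".\r\n"
            verdicts.append(("pass", "body"))
            continue
        if len(raw) > MAX_LINE or not raw.endswith(b"\r\n"):
            verdicts.append(("drop", "malformed line"))
            continue
        try:
            verb = raw[:-2].decode("ascii").split(" ", 1)[0].upper()
        except UnicodeDecodeError:
            verdicts.append(("drop", "non-ASCII command"))
            continue
        if verb not in ALLOWED_VERBS:
            verdicts.append(("drop", "verb not allowed: " + verb))
            continue
        # Simplification: a real proxy waits for the server's 354 reply.
        in_data = verb == "DATA"
        verdicts.append(("pass", verb))
    return verdicts

SESSION = [  # constructed client-to-server lines
    b"EHLO client.example\r\n",
    b"VRFY root\r\n",
    b"MAIL FROM:<a@client.example>\r\n",
    b"RCPT TO:<b@corp.example>\r\n",
    b"DATA\r\n",
    b"Subject: hi\r\n",
    b".\r\n",
    b"HELO " + b"A" * 600 + b"\r\n",
    b"QUIT\r\n",
]

if __name__ == "__main__":
    print("packet filter:", packet_filter_allows(25, True))
    for line, verdict in zip(SESSION, proxy_inspect(SESSION)):
        print(verdict, line[:40])
```

The packet filter passes the whole connection because every line travels on an established port-25 flow, while the proxy drops the disallowed verb and the oversized command individually.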