On Nov 30, 2007 8:12 AM, George Capehart wrote:
> Some light reading for the weekend . . . Thought it'd stir the pot a
> bit more for the "Firewalls that generate new packets . . ." thread. ;>
> http://www.darkreading.com/document....f_src=drweekly

You're talking about a layer7 firewall. I almost worked for Palo Alto
Networks. They have some bright guys over there, mainly founders of
NetScreen. They have great VC backing from the big guys, and it could
become more mainstream, but it's not really anything new. Standard
layer3/4 firewalling is insufficient these days, but as soon as you
start tunneling data over ssh/ssl, then layer7 fw doesn't matter
anyways. However, it will be interesting to see just how many bugs
are introduced into these new devices. There is no way a company
could implement all the common protocols properly, because even some
vendors don't know how they work :-)

Kristian Erik Hermansen
"I have no special talent. I am only passionately curious."
