Re: WAF (Web Application Firewall) from -Hammer- on 2011-09-26 (Ccielab archives 09/2011)

From: -Hammer- <bhmccie_at_gmail.com>
Date: Mon, 26 Sep 2011 09:42:53 -0500

I think that "best" can be a very opinionated statement. Like I said.
We've used several products in the past and been happy with Citrix. I
have no direct experience with Imperva so I can't say. My only statement
to new folks would be to consider load carefully as we're doing full
inspection as opposed to headers only.

-Hammer-

"I was a normal American nerd"
-Jack Herer

On 09/24/2011 11:33 PM, Ken Swanson wrote:
> Actually Imperva is the best in the WAF space.
>
> Tony Varriale
> 630.546.7610
>
> On Sep 24, 2011, at 1:06 AM, "Alaa M. Alhemyari"<alaa401_at_gmail.com> wrote:
>
>
>> F5 Networks is the best. Check out their ASM product.
>>
>> Regards,
>> Alaa Alhemyari
>>
>> On Sat, Sep 24, 2011 at 12:53 AM, Iam Here<go_soon2010_at_hotmail.com> wrote:
>>
>>> I really appreciate your perfect support Could you give me a name for vendor provide WAF Software?
>>>
>>>
>>>> Date: Fri, 23 Sep 2011 08:44:21 -0500
>>>> From: bhmccie_at_gmail.com
>>>> To: ccielab_at_groupstudy.com
>>>> Subject: Re: WAF (Web Application Firewall)
>>>>
>>>> OK. Speaking as someone who's done application firewalls for about 8
>>>> years (back before anyone had heard of them) I can tell you Cisco is NOT
>>>> the WAF solution you want. The Cisco ACE is not a WAF. It's a load
>>>> balancer and a crappy one at that. YES. I own several ACEs and we were
>>>> an early adopter. That's why we're phasing them out. Cisco ASA is the
>>>> moving forward "firewall" universe and it will include this
>>>> functionality in different products under the ASA name in the near
>>>> future. But I would not recommend jumping in with both feet.
>>>>
>>>> We used to use Kavado (years ago and now defunct) and moved to Teros.
>>>> Teros was acquired by Citrix. Citrix has a network appliance group
>>>> called ANG (Application Networking Group) that they sell their load
>>>> balancers and application firewalls thru. They are called the NetScaler
>>>> line. They are top end appliances for enterprise environments. Great
>>>> stuff. I highly recommend them.
>>>>
>>>> F5 has a great solution as well. We have used it in the past but decided
>>>> to stick with NetScaler.
>>>>
>>>> There are also some software products out there that (depending on your
>>>> volume and design) may be suitable.
>>>>
>>>> Let me know if you have any additional questions regarding this.
>>>>
>>>> -Hammer-
>>>>
>>>> "I was a normal American nerd"
>>>> -Jack Herer
>>>>
>>>>
>>>>
>>>> On 09/23/2011 07:34 AM, Iam Here wrote:
>>>>
>>>>> You mean that the SW version will not be suitable
>>>>>
>>>>>
>>>>>
>>>>>> Date: Fri, 23 Sep 2011 17:12:47 +1000
>>>>>> Subject: Re: WAF (Web Application Firewall)
>>>>>> From: pbhatkoti_at_gmail.com
>>>>>> To: manserkhan_at_gmail.com
>>>>>> CC: go_soon2010_at_hotmail.com; muhammad.nasim_at_gmail.com; ccielab_at_groupstudy.com
>>>>>>
>>>>>> Unfortunately F5 VE sux!
>>>>>> Try loading 700+ Mb traffic on F5 ASM - it will die ..
>>>>>>
>>>>>> On Fri, Sep 23, 2011 at 4:05 PM, Anser Gmail<manserkhan_at_gmail.com> wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Check 'Astaro' Web Applulication Firewall. Its a dedicated HW FW
>>>>>>>
>>>>>>> Sent from my iPhone
>>>>>>>
>>>>>>> On Sep 23, 2011, at 2:02 AM, Iam Here<go_soon2010_at_hotmail.com> wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> Are there any Software products ?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> From: muhammad.nasim_at_gmail.com
>>>>>>>>> Date: Fri, 23 Sep 2011 01:39:21 +0300
>>>>>>>>> Subject: Re: WAF (Web Application Firewall)
>>>>>>>>> To: go_soon2010_at_hotmail.com
>>>>>>>>> CC: ccielab_at_groupstudy.com
>>>>>>>>>
>>>>>>>>> hi , checkout cisco waf solution.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Fri, Sep 23, 2011 at 1:24 AM, Iam Here<go_soon2010_at_hotmail.com>
>>>>>>>>>
>>>>>>>>>
>>>>>>> wrote:
>>>>>>>
>>>>>>>
>>>>>>>>>
>>>>>>>>>> I have an Web Application Server and I'd like to protect it with Web
>>>>>>>>>> Application Firewall product (HW or SW)
>>>>>>>>>> any recommendations will be appreciated
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>>>>
>>>>>>>>>> _______________________________________________________________________
>>>>>>>>>> Subscription information may be found at:
>>>>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Muhammad Nasim
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>>>
>>>>>>>>> _______________________________________________________________________
>>>>>>>>> Subscription information may be found at:
>>>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>>>>
>>>>>>>>>
>>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>>
>>>>>>>> _______________________________________________________________________
>>>>>>>> Subscription information may be found at:
>>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>>>
>>>>>>>>
>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>
>>>>>>> _______________________________________________________________________
>>>>>>> Subscription information may be found at:
>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>>
>>>>>>>
>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>
>>>>>> _______________________________________________________________________
>>>>>> Subscription information may be found at:
>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>
>>>>>>
>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>
>>>>> _______________________________________________________________________
>>>>> Subscription information may be found at:
>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Mon Sep 26 2011 - 09:42:53 ART

This archive was generated by hypermail 2.2.0 : Sat Oct 01 2011 - 07:26:25 ART