[squid-users] pros/cons squid vs next generation firewall

Garbacik, Joe Joseph.Garbacik at netapp.com
Mon Jul 25 12:20:00 UTC 2022


I would recommend comparing capabilities based on your access control requirements. For instance with squid, you can easily limit a POST to something like https://s3.amazonaws.com  but deny a POST to https://s3.amazonaws.com/* ; some firewalls cannot get that granular without complexity of the rules. Why this particular example is important, is because it allows one to create an S-3 bucket but not put anything in it; this way you can limit to which S-3 buckets one is authorized to access and how (i.e. GET vs POST). While this may not be relevant to your company's requirements, think of what are your company's requirements and make sure the solution meets all those requirements.

Joe
From: squid-users <squid-users-bounces at lists.squid-cache.org> on behalf of Antony Stone <Antony.Stone at squid.open.source.it>
Date: Monday, July 25, 2022 at 7:29 AM
To: squid-users at lists.squid-cache.org <squid-users at lists.squid-cache.org>
Subject: Re: [squid-users] pros/cons squid vs next generation firewall
NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe.




On Monday 25 July 2022 at 13:22:23, Dieter Bloms wrote:

> Hello,
>
> I run some Squid proxy servers in conjunction with ICAP virus scanners
> and I'm very happy with them. Our company now wants to replace them with
> a checkpoint next generation firewall. Do you have some arguments that
> speak for the further operation of the Squid proxies?

I would always start by asking what the justification for changing is, and see
whether you can show that it's not valid (or has drawbacks the people
advocating the change haven't thought of).


Antony.

--
BASIC is to computer languages what Roman numerals are to arithmetic.

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20220725/4036cd2d/attachment.htm>


More information about the squid-users mailing list