netcontinuum ... for ssl off-loading?

We have a 'text book' 3-tier ebusiness infrastructure ...

pix -- web server -- netscreen -- app server -- ip tables -- database server

and am considering retiring the ip-tables, moving the pix to that space,and
using netcontinuum at the perimeter mainly for their ability to provide a
complete proxy service for the web front-end even to the point of
terminating ssl ... allowing the first line of ids's to see what's going on.

Comments / experiences would be appreciated.

BernieM

Re: netcontinuum ... for ssl off-loading?

On Sat, 28 Jan 2006 00:12:52 GMT, "BernieM" wrote:

>We have a 'text book' 3-tier ebusiness infrastructure ...
>
>pix -- web server -- netscreen -- app server -- ip tables -- database server
>
>and am considering retiring the ip-tables, moving the pix to that space,and
>using netcontinuum at the perimeter mainly for their ability to provide a
>complete proxy service for the web front-end even to the point of
>terminating ssl ... allowing the first line of ids's to see what's going on.
>
>Comments / experiences would be appreciated.
>
>BernieM
>
>
BernieM
From looking at there diagram at this link
http://www.netcontinuum.com/docLibrary/get.cfm?n=70 I think I would
still want to protect my server and other devices that are behind the
Perimter with another application layer Firewall. I.E.


SidewinderG2--- netcontinuum -- Webserver -- Pix-- Database server

You can put the webserver in its own DMZ and still protect all of your
other clients on another interface.

Might be a little over kill, depending on how important your data is.

Just my .02 cents