Without knowing more about your firewall config (can you at least tell us what the product is?), I would have to ask if it supports RADIUS. If so, this would allow you to have a central repository for those remote user accounts, and a good RADIUS (I use Shiva Access Manager www.shiva.com) will let you proxy to other authenticators like NDS, NT, SecurID. So in the future, if you replace the firewall, it will be less stress on the users.
Fb
This is the mistake that is always made. You can take any OS or just about any network device and do some kind of QOS with ports and IPs. However, that is completely useless if the application can disguise itself as something else. If Napster can be configured to use port 80, you will give it just as much bandwidth as you do normal web browsing. My point was that Packeteer has a huge database of application signatures that can deal with this issue and, yes, they put effort into doing this so that they can make money. Even if you put enormous effort yourself into figuring out how to throttle Napster now, what are you going to do about Gnutella, or AIM, or whatever is the next bandwidth hog that comes out next year?
Fb
We are currently evaluating bandwidth devices for our WAN. I am trying to purchase Packeteer Packetshapers (www.packeteer.com). They are the only device that can manage bandwidth at layer 7. In other words, it doesn't matter how Napster port hops, the Packetshaper is able to recognize Napster activity by matching it to a signature database (like IDS or anti-virus), and then throttle the connection per a pre-set rule. This is the same for Real Audio, IRC, etc.
Other tools are really only able to handle up to the IP and port, which is useless if the app port hops.....
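The gap between port-based and signature-based classification discussed in these posts, as an added example that is not part of the original thread and not Packeteer's implementation. The signature table, port map, rate caps and flows are constructed for illustration.

```python
# Added illustration: port-based vs. payload-signature traffic classification.
# Signature table, port map, rate caps and flows are all constructed samples.
from typing import NamedTuple

class Flow(NamedTuple):
    dst_port: int
    first_bytes: bytes  # first payload bytes seen on the connection

PORT_MAP = {80: "http", 6667: "irc", 6346: "gnutella"}

# Protocol -> byte prefixes that open a session (prefixes do not overlap).
SIGNATURES = {
    "gnutella": (b"GNUTELLA CONNECT/",),
    "irc": (b"NICK ", b"USER ", b"PASS "),
    "http": (b"GET ", b"POST ", b"HEAD "),
}

# Pre-set rule per application, in kbit/s; None means uncapped.
RATE_CAP_KBPS = {"http": None, "irc": 64, "gnutella": 32, "unknown": 128}

def classify_by_port(flow):
    """What a layer 3/4 rule sees: only the destination port."""
    return PORT_MAP.get(flow.dst_port, "unknown")

def classify_by_payload(flow):
    """What a layer 7 rule sees: the opening bytes of the session."""
    for proto, prefixes in SIGNATURES.items():
        if flow.first_bytes.startswith(prefixes):
            return proto
    return "unknown"  # no signature matched: the port alone is not trusted

def rate_cap(flow):
    return RATE_CAP_KBPS[classify_by_payload(flow)]

def disguised(flows):
    """Flows whose port-based label disagrees with the payload-based label."""
    return [f for f in flows if classify_by_port(f) != classify_by_payload(f)]

FLOWS = [  # constructed sample flows
    Flow(80, b"GET /index.html HTTP/1.0\r\n"),   # ordinary web browsing
    Flow(80, b"GNUTELLA CONNECT/0.4\n\n"),       # file sharing moved to port 80
    Flow(6667, b"NICK fb\r\n"),                  # IRC on its usual port
    Flow(80, b"\x16\x03\x01\x00\x2e"),           # port 80, no known signature
    Flow(8080, b"GET / HTTP/1.0\r\n"),           # HTTP on an unmapped port
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f.dst_port, classify_by_port(f), classify_by_payload(f), rate_cap(f))
```
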