ScreenOS Firewalls (NOT SRX)
Contributor
hagbard
Posts: 61
Registered: ‎10-29-2008

transparent mode of wan optimization products

We are currently evaluating WAN-optimization products. I am not really convinced of their transparent modes.

Most of the WAN optimization products on the market offer a transparent mode. Transparent mode means the optimization boxes do not create a tunnel to send their optimized packets through. So they can coexist with firewall rules, because the firewall can check src and dst IPs and ports.

But what will happen when the firewall sees, for example, an HTTP packet but the packet itself is not HTTP (the packet contains optimized data)?

Does anyone have experience with these "complete transparent" WAN optimizers (Bluecoat (Packeteer), Citrix (Orbital Data))?

Are there drawbacks like disabling ALGs?

 

Super Contributor
Cesar
Posts: 141
Registered: ‎11-18-2008

Re: transparent mode of wan optimization products

If you are not using UTM features (AV, URL filtering, etc.), you will not need the HTTP ALG. Therefore, you can safely disable the HTTP ALG via application ignore and the firewall will not check the content of HTTP.

Most likely, you will not need any ALG, given that there is no port translation in transparent mode.

Regular Visitor
ycarus
Posts: 5
Registered: ‎09-17-2008

Re: transparent mode of wan optimization products

Been using Bluecoat's Packeteer 7500 for 2 years now and it is integrated with an SSG 550M and works perfectly. I'm not promoting the box but it really provides good delivery. On the box, you can define tunnels between units where optimization can be maximized using acceleration, compression and shaping. With this, packets are handled by the boxes' compression/decompression, manipulating packet headers for the purpose. Hope this helps.
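The question raised in this thread, as an added example that is not part of any post above: a flow can match a port-80 policy on addresses and ports while its payload fails an application-layer HTTP check. The function names are hypothetical, the payloads are constructed, and `zlib` is only a stand-in for whatever encoding a real optimizer applies.

```python
import re
import zlib

# Simplified HTTP/1.x start-line grammar: request line or status line.
_REQUEST = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT|PATCH) \S+ HTTP/1\.[01]\r\n"
)
_STATUS = re.compile(rb"^HTTP/1\.[01] \d{3} [^\r\n]*\r\n")


def looks_like_http(payload: bytes) -> bool:
    """True if the first bytes of a TCP stream parse as an HTTP/1.x start line."""
    return bool(_REQUEST.match(payload) or _STATUS.match(payload))


def inspect_flow(dst_port: int, payload: bytes, http_ports=(80, 8080)) -> str:
    """Compare the L3/L4 view (port match) with the application-layer view."""
    if dst_port not in http_ports:
        return "not-http-port"
    if looks_like_http(payload):
        return "http-conformant"
    # A policy that only checks IPs and ports still permits this flow;
    # content inspection (ALG, AV, URL filtering) cannot parse it.
    return "port-80-but-not-http"


def flows_breaking_inspection(flows):
    """Return the labels of flows that match the HTTP port but not the protocol."""
    return [name for name, port, data in flows
            if inspect_flow(port, data) == "port-80-but-not-http"]


# Constructed sample payloads (not captured traffic).
PLAIN_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
PLAIN_RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"
OPTIMIZED = zlib.compress(PLAIN_REQUEST)  # stand-in for optimizer-rewritten data

SAMPLE_FLOWS = [
    ("client-request", 80, PLAIN_REQUEST),
    ("server-response", 80, PLAIN_RESPONSE),
    ("optimized-segment", 80, OPTIMIZED),
]

if __name__ == "__main__":
    for name, port, data in SAMPLE_FLOWS:
        print(f"{name:18} port {port}: {inspect_flow(port, data)}")
```
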
