11-13-2009 12:22 PM
We are currently evaluating WAN-opimization products. I am not really convinced of their transparent modes.
Most of the wan optimization products in the market offer a transparent mode. Transparent mode means, the optimization boxes do not create a tunnel to send their optimized packets through. So they can coexist with firewall rules cause the firewall can check src- and dst-ips and ports.
But what will happen when the firewall sees for example a http packet but the packet itself is not http (the packet contains optimized data).
Has anyone experiences with these "complete transparent" wan-optimizers (bluecoat (packeteer), citrix (orbital data))?
Are there drawbacks like disabing ALGs?
11-13-2009 02:46 PM
If you are not using UTM features(AV, URL filtering, etc), you will not need HTTP ALG. Therefore, you can safely disable HTTP ALG via application ignore and the firewall will not check the content of HTTP.
Most likely, you will not need any ALG given that no port translation in transparent mode.
11-14-2009 12:49 AM
Been using Bluecoat's Packeteer 7500 for 2 years now and it is integrated with an SSG 550M and works perfectly.I'm not promoting the box but it really provides good delivery.On the box,you can define tunnels between units where optimization can be maximized using acceleration,compression and shaping.With this,packets are handled by the boxes compression/decompression manipulating packet headers for the purpose.Hope this helps.