I'm looking for a good practice guide for ACE deployment if anyone can help.
I intend to use my ACE appliance to load balance traffic between 4 different proxy servers, i.e. users request a url, i.e. www.cnn.com, from the ACE and it then connects to one of 4 proxies which will then retrieve the web page, pass it back to the ACE which will deliver the content to the user.
My ACE appliance is on my trusted/corporate lan.
My proxies are on an untrusted lan/dmz behind a firewall.
I want to install a 4710 with its client interface on my corporate lan (closest to the users) and the server interface on my proxy lan, but I need to know if the ACE appliance is secure enough to be deployed in this topology.
Is it EAL certified or does it run in a firewall/stateful inspection mode?
Thanks to anyone taking the time to read this or to reply.
As far as I know, the ACE is not stateful like your typical firewall device, and I have no knowledge of whether it's EAL certified or not.
However, since ACE comes with a wide range of inspection features and is generally considered very security-aware, you could argue that it would make a good firewall substitute. Personally, I've deployed the ACE as an addition to my firewall setup and attached the proxies to ACE on dedicated interfaces, having a clientside interface point towards the users and a dedicated egress interface attached to the firewall on a dmz. That way any nat-rules can remain unchanged.
Another option, depending on your topology, would be a bridge-mode implementation, basically deploying the ACE as a bump-in-road between the firewall-dmz and the proxies.
Anyway, just my thought. Hope you find 'em useful.
> As far as I know, the ACE is not stateful like your typical firewall
> device, and I have no knowledge of whether it's EAL certified or not.
Actually, the ACE is a stateful packet inspection based solution. It could not achieve much of what it does without maintaining state. It is certainly not as feature rich as say an ASA firewall or IDS/IPS system for security, but nevertheless it has a considerable amount of DDoS, normalization, and ACL features.