Firewall – Are there other application layer firewalls like Microsoft TMG (ISA) that do advanced http rules

Tags: firewall, http, isa-server, microsoft-ftmg-2010, reverse-proxy

Since the old days, ISA and now TMG have had several great features that I often want to deploy to my customers because of the enhanced functionality and security, but often the cost of an additional server HW, Windows Server, and TMG license is too much to justify when compared to a $300-500 appliance.

Are there other gateway firewalls that can perform one or more of these application layer features:

  1. Pre-authenticate incoming HTTP traffic against AD/LDAP before sending packets to internal server (forms auth or basic creds popup)?
  2. Read host headers of incoming HTTP traffic (even on https) to a public IP and route packets to different internal servers based on that host header?

Best Answer

True application/proxy firewalls in appliance form generally run above that range. (Palo Alto and Sidewinder... I mean McAfee Firewall Enterprise come to mind, but are $$).

I would recommend the FortiNet FortiGate 60C. It is a really solid box, and a no-frills system would cover your two requirements at around $500.

  • HTTP/HTTPS preauthentication support using LDAP auth source
  • HTTP/1.1 Host header based load balancing - Should allow the routing you described
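
The two requirements from the question, sketched as the decision a reverse-proxy gateway makes per request. This is an added example, not code from the post or from any product named here. It assumes TLS is already terminated on the gateway (the Host header is not readable otherwise) and uses HTTP Basic credentials; the hostnames, addresses, account and status-code choices are hypothetical, and `check_credentials` stands in for an AD/LDAP bind.

```python
import base64
import hmac

# Constructed sample data: hypothetical hostnames, addresses and account.
BACKENDS = {"mail.example.com": ("10.0.0.10", 443),
            "intranet.example.com": ("10.0.0.20", 80)}
USERS = {"alice": "s3cret-demo"}  # stand-in for the AD/LDAP directory

def check_credentials(user, password):
    """Stand-in for an AD/LDAP bind (assumption); constant-time compare."""
    expected = USERS.get(user)
    return expected is not None and hmac.compare_digest(
        expected.encode(), password.encode())

def parse_headers(raw):
    """Return [(lowercased name, value)], or None if the request is malformed."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        return None
    headers = []
    for line in head.decode("latin-1").split("\r\n")[1:]:  # skip request line
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            return None
        headers.append((name.lower(), value.strip()))
    return headers

def decide(raw):
    """Return (status, backend); backend is set only when forwarding is allowed."""
    headers = parse_headers(raw)
    if headers is None:
        return 400, None
    hosts = [v for n, v in headers if n == "host"]
    if len(hosts) != 1:  # a missing or duplicated Host header is ambiguous
        return 400, None
    backend = BACKENDS.get(hosts[0].lower().partition(":")[0])
    if backend is None:  # default deny: unlisted hostnames reach nothing
        return 404, None
    auth = [v for n, v in headers if n == "authorization"]
    if len(auth) != 1 or not auth[0].lower().startswith("basic "):
        return 401, None
    try:
        decoded = base64.b64decode(auth[0][6:].strip(), validate=True).decode()
    except ValueError:  # bad base64 or undecodable bytes
        return 401, None
    user, _, password = decoded.partition(":")
    if not check_credentials(user, password):
        return 401, None  # nothing is sent to the internal server
    return 200, backend
```

Only a `200` result carries a backend, so an unauthenticated or ambiguous request never produces a connection to an internal server.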