using firewall with ib

Discussion in 'Networking and Security' started by arzoo, Oct 30, 2002.

  1. For a minute there I thought you were going to pull a McGyver and finish that sentence with "a pine cone and a spool of twine".
     
    #21     Oct 31, 2002
  2. dottom

    Hmm... all of my Checkpoint configs ran on Solaris boxes. I've only seen Unix configs of Checkpoint. There are a variety of Unix flavors. I believe Checkpoint's Windows port came after they purchased another company during the Internet bubble to offer a low-end solution to the small businesses of the world. Checkpoint has been an enterprise-class vendor from the beginning.


    Sure, I can build an unbreakable iptables firewall too. Been there, done that.

    Unfortunately, as much as I love open source, when it comes to an enterprise class environment with enterprise accountability, you have to go with best-of-breed hardware and software. Do you see any of the enterprise class co-location facilities offering iptables as a managed firewall? No, they all offer Checkpoint as the first offering.

    When I put in one of the largest ecommerce installations that Exodus has ever seen (we leased 1/3 of the floor in Exodus's largest CA facility), I would get laughed out of the building if I tried to put in iptables. When you have to survive best-of-breed due diligence you have to use best-of-breed products and Checkpoint is clearly the leading vendor.

    I don't want to get into an off topic debate on firewall vendors, or enterprise class vs. open source debate either. My point was to reply to your comment that "Checkpoint is a joke."

    Now if you have something to say on topic regarding one of the three potential configs that the original poster was likely referring to, that may be more useful.
     
    #22     Oct 31, 2002
  3. nitro

    Pffft, Firewalls that run under ANYTHING but the most scaled down OS are a joke, period. The VERY fact that Checkpoint EVEN considers writing a FW to Windows shows they are morons.

    WTF? You think that the language used to describe the rules is more important than the stateful packet inspection that goes on? Who the hell cares if I write a poem in Spanish or in French?

    Dude, now you are showing how little you know. The largest Internet site in the World is run on FreeBSD - YAHOO. Until recently, Microsoft couldn't even use its own software to handle its own e-mail - they used FreeBSD. Apple, who has INFINITELY more taste than anything Microsoft has ever produced (actually, I am seriously impressed with .NET and C#) runs OS.X - what do you think that is - FREEBSD!!!

    In case you haven't noticed, Apache, AN OPENSOURCE PRODUCT, runs more than half the web servers in the world.

    The reason large companies choose a commercial product over an OpenSource one isn't because the commercial product is better, hardly, it is because what they are really purchasing is the expertise and the support that goes with the product. IBM installs LINUX on HUGE projects - who the fuck cares that it is LINUX, which is 100 times better than Win2K - it is just that it is backed by IBM Global Services, and if something goes wrong, which will happen about 1/10 the number of times it would be if it were on Windows, IBM is there to get it fixed.

    Microsoft is scared shitless of Linux (which is about 1/5 as good as FreeBSD currently.) Sun is scared shitless of Linux. Pluhease drop this before I really get pissed.


    Perhaps you did not read what I said above. ALL FIREWALL VENDORS START WITH OPENBSD KERNEL AND OS, THEN PRETTY IT UP FOR THE END USER - I can't even count the number of OpenSource projects that are commercial products that are just that, OpenSource prettied up.

    Checkpoint is a joke, and when the stock goes to ZERO, the rest of the world will see that as well.

    Dude, there is no WAY _YOU_ did any such thing. Anyone who calls NAT a firewall has no clue. You probably had a bunch of Windows Certified idiots that told you this junk and you bought into it.

    As far as "staying on topic," I have no problem with it as long as statements like "NAT is a firewall" STOP.

    nitro
     
    #23     Nov 1, 2002
  4. dottom

    I never said "NAT is a firewall". I said:

    What do you refuse to believe that the *vast majority* of all users who would consider "does TWS run behind a firewall?" are not either using NAT or a proxy server?

    Get off your high horse, dude. I made my $$ during the tech boom with my stock options building one of the largest ecommerce sites hosted at Exodus. I cashed out and am now trading.

    Why can't you keep this topic on topic and deal with the issue at hand, which is "does TWS work behind a firewall?". That depends on your firewall config, and like I said, the original poster probably works in a corporate environment that is either using proxy server or NAT and therefore I said "TWS works fine behind NAT".

    What do you not understand?? I'm surprised at your level of decorum from one ET veteran to another.
     
    #24     Nov 1, 2002
  5. nitro

    Ok

    nitro
     
    #25     Nov 1, 2002
  6. CalTrader

    CalTrader Guest

    Same here for making $$ building several of the largest ecommerce sites on the net as well as some interesting commercial software systems - ventures which I still back and run.

    Yes, TWS works fine behind a proxy and with NAT: you just need to control the ability to open up the configuration.

    FYI we use a mixed environment of Linux and Apache as well as Microsoft servers. Both work well and IMHO both require some knowledge to get securely configured - although IMHO the Microsoft world does have more steps required to bring the environment secure. We run a DMZ and we use NAT in some cases for portions of our network configuration. We prefer a stateful packet inspection mechanism similar to what NITRO mentioned. However not everyone runs through our DMZ - we do have some offices that simply run behind a router and proxy etc and they get a different solution for data access ...

    I don't see a lot of difference between the Microsoft solutions and the Unix solutions these days - other than the integrated solutions of MS which you pay for. The same can be said for database vendors: major players are converging towards commodity status ....
     
    #26     Nov 1, 2002
  7. Magna

    Magna Administrator

    nitro and dottom,

    While I admit your discussion drifted off-topic for the most part, it was a fascinating overview of firewalls by two very knowledgeable people, so thanks. Besides, I think the person who started this thread got his answer many times over.
     
    #27     Nov 1, 2002
  8. taodr

    Nitro


    You have made me think with your statements on 'checkpoint'. I own 5000 shares which I'm sitting on due to my negligence after the trade. I hope this shit bounces up so I can get out close to even or is that simply thinking like a moron?
     
    #28     Nov 1, 2002
  9. dottom

    Nitro and I are cool. We were sort of arguing on different parts of the same picture.

    Just an fyi, I hope I never implied that Checkpoint=Windows. I'd never run a Windows firewall. I've only used Checkpoint on Unix platforms or as an appliance. Checkpoint did come out with a Windows version a few years ago but their core product for over a decade was only available on Unix.

    Since that time, Checkpoint (and other firewall vendors) are now running their software on top of appliances (such as Nokia's firewalls). This achieves much of what Nitro was talking about, i.e. you are only as good as your OS no matter how good your firewall.

    You should also consider enterprise features such as the ability to manage all your firewalls across multiple installations/campuses and the ability to share intrusion detection/malicious activity information.

    But back to TWS... I did find this on IB (see #8):

    http://www.interactivebrokers.com/index.html?html/tws/tws_applicationInstructions.html~top.body
     
    #29     Nov 1, 2002
  10. nitro

    taodr,

    NEVER EVER take a trade because of what some idiot in a public forum says, including the idiot writing this post.

    FWIW, I believe that the "trading Gods" rarely give you more than one chance to get out of a "bad" trade without getting smoked [by your definition you are in a hope type situation]

    In every circumstance where I hoped that one of my Investments [God forbid I should ever "hope daytrade"] I have gotten CREAMED.

    My wife and I bought HALO, old symbol, HMK. We knew the stock well - it is headquartered about 5 miles from where we live. My wife had even done some work for them and knew the CEO. We bought 2000 shares of the stock at 7, and immediately saw it go to 12, for a 10K gain. Shortly after that, the stock became wild, and slowly started going down. I told my wife that we should get the hell out at 7, then again at 5, but she believed that the stock was going to 32! I told her that was fine, and that we could always get out and get back in - nope, it was going to 32.

    Well, to make a long story short, HALO is now ZERO, and not only did we blow the original stake, we blew the PROFITS.

    It is one thing to stay in GE and ride it down, with nearly zero risk that it is going to ZERO - it is another to ride HMK or CKP on its way down.

    nitro
     
    #30     Nov 2, 2002