RE: Panther and Firewall API?
RE: Panther and Firewall API?
- Subject: RE: Panther and Firewall API?
- From: "Huyler, Christopher M" <email@hidden>
- Date: Tue, 2 Sep 2003 10:25:08 -0400
- Thread-topic: Panther and Firewall API?
>
Here's something to think about...
>
Yes, Apple includes some firewall capabilities with Mac OS X and we
>
could most certainly add some APIs to interact with "our" firewall but
>
what do we do for other firewall packages, firewalls that are included
>
with your network hardware, firewalls maintained by the corporate IT
>
departments, ... Is having an API that tells you that port 80 is not
>
being blocked on your system by our firewall software really useful
>
when you've got a (pick your favorite brand of) router that's blocking
>
the port?
I understand that we can't predict every situation where there will be a
firewall, but Apple is providing this firewall with their operating
system which means everyone has it and everyone has the ability to click
"start" under the firewall tab. If a user was required to configure
their (pick your favorite brand of) router, they would only have to do
it once, not for every machine behind the router.
Consider the following scenario, which will possibly occur when clients
install our software:
A network administrator sets up a Macintosh computer lab (possibly in a
school) and while installing software turns on the firewall for each
machine to protect against viruses. After everything is up and running,
management decides they need more security against viruses so they
purchase our enterprise antivirus solution. The network admin now gets
the fun job of installing this on every machine. Unfortunately there is
no 'software delivery' for OSX so he already has to run around in stick
the CD in every machine or navigate over the network to find the
installer (something we would like to also automate in the future).
This installer, per Apple's request, should be quick, straight forward,
and easy. If it were possible, I'm sure this network administrator
would prefer to automate adding our firewall rule for every machine.
Typing in the description and the port range on over 50 machines after
the install completes would get very tedious.
We already know that a small detail like this will be important to our
clients. We have already developed a "competitive uninstall" for our
Windows product which will detect and run a competitor's uninstall
script during our install. It only works for the big name competitors
right now but it has become very popular making a switch to us very
appealing. I don't know whether an option like this is in the future
for our Mac product but you can see that the more automated things are,
the more appealing we are to customers. Seamless integration into a
customer's current network configuration is a must.
--
Christopher Huyler
Computer Associates
_______________________________________________
macnetworkprog mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/macnetworkprog
Do not post admin requests to the list. They will be ignored.