what is best choice to defense my network with web security gateway bridge or proxy and why ? is proxy solution gives the same defense ? i think bridge is better ? because it can defense you from more application control like peer to peer and remote access etc is it true ?
which appliance is better ? for 100 users and 50 server 2 seperate seagment by firewall line 20 mega upload and 2 mega upload ? if i use bridge mode means i need 5 interface with 4 interfaces fail-open feature and 1 for mgmnt what is the cost effective solution ?
the proxy modes (transparent bridge, explicit proxy, etc.) only define how the traffic is routed to MWG. The same features are available. In transparent mode MWG will intercept the specified ports (80 and 443 for example), all other applications are simply forwarded and not filtered. For non-HTTP applications you will need a proxy/firewall that is capable of filtering those protocols.
On MWG you can only setup one bridge interface per appliance. It comes with 4 NICs, so you can have 2 for the bridge and one for management tasks and/or cluster communication. In case you have two network segments you need two boxes or place the box at a place where both network segments come together, maybe in front of/behind the firewall before reaching out to the internet.
Most questions in regards to sizing, the best setup for you and prices should go to sales. Please contact a local sales representative, they will provide you with all information that is required.
is it secured to put appliance infront of firewall behind internet router ? is the appliance has firewall features like defense against DDos and access only from defined ip's ?
Basically it would be preferred if there is another firewall layer protecting MWG from unauthorized Internet Accesses. It is similar to every other service you run, usually you won´t run it unprotected. MWG has a rudimentary firewall feature called network protection. You can restrict inbound traffic and device to drop/accept it. However there is no dedicated feature set for detecting attacks against the proxy or to allow MWG to defend itself.