On 15 Dec 2001, at 19:13, Chance Ellis wrote: > I am new to this list so please excuse me if this has > been asked. I did a few searches that didn't turn much > up. > > This is an RFC on which solution would be better. I > understand things like current infrastructure may have > an impact and of course budget. But all of those > obvious things aside, which solution has better > technology? Which has the best feature set? Is there a > Pro/Con Apples to Apples comparison of firewalls out > there? > > Also, if someone recommends something other than PIX > or Raptor, what is it and why? > > Any help that can be provided is greatly appreciated! > > Thanks, > > Chance Ellis
There are two basic approaches to building firewall devices: packet filtering or proxying. Packet filtering tends to have better performance for a given price point; packet filtering can detect and block some attack forms that packet filtering may not. PIX is primarily a packet-filter firewall, with some idiosyncrasies that people seem to either love or hate. Raptor is a proxy. I don't think it was the leader in this category before Symantec bought it, and I've seen nothing to suggest they've significantly changed it -- besides making the box yellow. If you decide that packet filtering is sufficient, the PIX is a fine choice. If you decide, though, that you're more comfortable with a proxy, I'm not sure Raptor should be your first choice -- although a recent review might change my mind. David Gillett _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls