Shay Hugi schrieb: > Adminiweb has announced their web management system for the NetGAP Firewall > Appliance... > Do you guys (GURUS!) consider this issue while buying a product.. I mean > the existence of a good management system..
A good management system is one of the major differentiating features in firewalls on the market today. Comprehensiveness of configuration to the designated administrators is very importat so that they always know what they are doing, and logging/alerting features are just as important. I would never go for a web-based management system though for a firewall, as I would consider HTTPS too complex a protocol and too widely implemented; also, it usually *will* make people modify their firewall configuration from remote locations without properly documenting it. Firewall management in my opinion should mainly happen from the inside and over VPN/SSH tunnels, and should use proper certificate checking. It should never be attempted from untrusted computers, and this is very possible with web based management. You never know when there's not a hardware device attached recording your keystrokes... > A web-based system? Snmp management supported? And other features... Such as > graphs, syslog traps and firewall logs analysis? Graphs would be fine, as far as firewall log analysis goes - it's important. I wouldn't like SNMP management, as SNMP is utterly, utterly insecure in my opinion (a firewall might support throwing traps, but it shouldn't support management over SNMP). > Or that you count on the good old CLI for this job? Even though I am a CLI user in general, I wouldn't really recommend this with firewalls. As stated earlier, it is *very* important at all times to know what you're doing - a GUI does a far better job in visualizing network structure. Best Regards Jan _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] For Account Management (unsubscribe, get/change password, etc) Please go to: http://lists.gnac.net/mailman/listinfo/firewalls
