Hi, Tom -

How many firewalls are you talking about? Don't forget the management tool
you'll need to run these puppies! There are fine firewalls out there with
crap management tools. Depending on your scale this can be a killer.

Things you might want to focus on:

* administrative authentication & access controls
* traffic levels you'll need to support (# of concurrent sessions, etc)
* high availability configurations supported
* quality of available user community
* quality of available documentation & training
* log management tools
* packet statistics, reporting, etc.
* audit trail for admin actions
* policy management - does the system support inheritance from template
policies, intelligent reuse of policy objects, revision control
* vendor licensing model - how customer focused is the vendor?
* support for third party tools (auditing, log management, network
analysis, etc.)

This list is just off the top of my head. I'll follow up with anything
else that comes to mind.

Cheers,
--Trey

> I'm sure this will generate a lot of opinions :-)
>
> We want to take a look at upgrading some rather dated Cisco firewalls.
> We've been a Cisco shop since, well... forever.
>
> We want to look beyond Cisco (if necessary) to get some real best-of-breed
> solutions.
>
> Of course, everyone's requirements are different, and ours are often
> "really different".
>
> We have a set of requirements based on our current systems and
> architectures, but want to get a more comprehensive
> evaluation and see what other people have done for their evaluations.  We
> do lots of product evaluations, but want to
> see if anyone has some ideas for evaluations that we've missed in the
> past, or if there's anything we can point to as an
> "industry standard or best practice".
>
> So, I'm looking for references on firewall evaluation *methodologies* and
> *tools*, not specific firewall requirements or
> firewall product recommendations, although those requests may come later.
>
> So, before we go roll our own:
>
> First, does anyone have a standard, documented evaluation methodology that
> they are aware of or even liked?  I'm not a
> PCI or e-commerce person, and my DoD-fu is very dated.  Are there standard
> methodologies from those (or other) areas?
>
> Second, anyone have a favorite tool for functional/stress/performance
> testing firewalls?
>
> Feel free to reply off list and I'll keep any private replies, well,
> private.
>
> Thanks,
>
> --tep
>
>
>
>
> _______________________________________________
> Discuss mailing list
> [email protected]
> http://lopsa.org/cgi-bin/mailman/listinfo/discuss
> This list provided by the League of Professional System Administrators
>  http://lopsa.org/
>

