Jim,
You have narrowed down your choice betweenCheckpoint
and Gauntlet products.
But you need also to finally choose the Base OS
that would be running on your Bastion host. This is
also important. is it NT or Unix. if unix , which
flavour.
You also say that you have 50 hosts internally to
take care of. So pricing should be discussed as
well with the resellers of the products.
You also say that ease of configuration and
management would be a deciding criteria.
As far as ease of configuration is concerned, I can
speak for my own experience of installation is that
for a sys admin this would not be a great deal. True
installing any product for the first time is
learning and involves a learning curve(as with any
software product). And no vendor would try his best
to make the configuration as difficult.
The point is that the sys admin should understand
the configuration steps so that he knows what are
the consequences of a particular configuration.
eg IP_FORWARDING. enabling and disabling should be
clearly highlighted in the configuration steps and
the USER INTERFACE should be revealing or intutive
as to the present state of the firewall.
Reporting and logging features are a big factor.
Would you want to use third party products for
log analysis or just want to use the one that the
firewall vendor provided ? (You need to decide now
before you purchase a firewall)
If you are buying a Checkpoint then buy the
single gateway model as you say you have only 50
nodes.
As far as Gauntlet goes, it is a proxy based and
checkpoint is a packet filter firewall. checkpoint
would have many third party products support and
with Gauntlet it would have complementary products
from NAI.
you may also want to look at conclave firewall
from interdyn.com , sidewinder from securecomputing.com , cisco 's
PIX firewall
and IBM 's eNetwork firewall(for NT).
These are some of the products that I have installed
and configured and have the backing of some proven
organisations.
But first decide these:
1. Base OS for the firewall.
2. Security policy of the organisation.
3. Reports and logs (what info does your company
need from the firewall)
4. VPN support
last but you may add .... tech support!
If you have written down these and management agrees
then start shopping for the firewall.
Best is ask the respective resllers for a 30 day
trial.( almost all resllers offer these )
Now choose among these. These steps would take
time but it is worth it. After the firewall would
stay with you for the next one or two years.
I hope this helps in your final decision making.
If you have any other question you may email me
at [EMAIL PROTECTED]
Thanks
tally
-----Original Message-----
> From: Jim Comen [SMTP:[EMAIL PROTECTED]]
>
> Hello,
> I'm trying to determine what the best OS for my site would be. I've
> narrowed my choices to Firewall-1 from Checkpoint and Gauntlet from
> Network
> Associates. I've looked through various product reviews but it seems
> that,
> for whatever reason, none of the firewall reviews include both
> products.
>
> If this is any indication of usage, I've seen more posts regarding
> Firewall-1 than Gauntlet. (I recall reading that Firewall-1 has
> something
> like 40% of the firewall market). Both products seem to do a very
> good job,
> albeit using different methods although they're heading for some
> convergence
> (Firewall-1 seems to be adding proxies while Gauntlet is adding
> dynamic
> filtering).
>
> Firewall-1 has better performance (although the adaptive proxy feature
> of
> Guantlet should close the performance gap). Firewall-1 has more
> choices for
> security add-on (virus scanning, intrusion detection, etc) while, at
> least
> from the literature, Gauntlet seems to have their basic Guanlet Active
> Firewall better integrated as a single unit.
>
> We're a small site with less than 50 nodes so performace probably
> won't be
> an issue. I value ease of configuration and management as this is the
> area
> which I am most concerned about (The cybercop monitor feature of
> Guantlet
> sure looks good here).
>
> Can anyone provide either opinions of the two, comparisons of the two,
> or
> real world experiences with them?
>
> Thanks
> Jim
> -
>
_________________________________________________________
DO YOU YAHOO!?
Get your free @yahoo.com address at http://mail.yahoo.com
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
