At 4:37 PM +1100 2/15/99, Warren Brickett wrote:
>
>
>Can anyone help me with this decision I need to make?
>Does anyone have any opinions on which is the better of the two firewalls
>to go with: Checkpoint or Interceptor? (and any reasons why one is
>preferable to the other)
>
Warren, better is relative to one's criteria, so I don't want to go
down that subjective path.
But, I find the Interceptor impressive, due to the broad range of
functions that it puts in one box. My take is that it's a secure
Bastion Host, which not only proxies, but supports split DNS, a mail
relay, will do address/port mapping (can hide your internal network)
and filters. And cost a fraction of Ckp's FW. I don't think it's
a full solution, but can be a key contributor. Surround it with
a couple of C-2611s with Statefull packet filtering (which I haven't
yet tested) and it sounds like a good start. Add ISS's RealSecure,
Tripwire and few other tools to monitor system states, logs and
active response to network anomalies and the Interceptor seems a good
compliment to this type of setup.
This advice is worth at least what you paid for it :-)
But hopefully this will generate some substantive debate.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
