I like the idea of appliances, too, but this particular appliance
(WatchGuard) lacks a lot of important features.
There are good appliances. We're looking at Nortel's (Bay's) Contivity
Extranet Switches. These devices really blow away Checkpoint for VPN
(which is what we were using previously). They're easy to manage and
the clients work great (SecuRemote has lots of user issues). They allow
secure split tunneling, unlike SecuRemote (which leaves the clients open
to connections on the Internet). They also have lots of filtering
capabilities. Nortel will be adding FW-1 to the switch as an upgrade (I
have no details on this, though).
Network Appliance has some cool products, too, but they're not firewall
related.
Jen
"Randall, Mark" wrote:
>
> Personally, I'm recommending the firewall appliance type of solution. The
> very thread on stripping an OS for firewall use is one of the big reasons.
> These appliances are built stripped and that isn't likely to change.
>
> My biggest reason is simply that I don't want to see a client tempted to run
> another service on the firewall box. I can just imagine a company that runs
> into budget constraints and wants to add network services...they see a
> perfectly good server sitting there and it's not doing anything but running
> the firewall, right?
>
> Forget the NT vs. UNIX debate. I'm tired of arguing with people that
> blindly follow Microsoft and refuse to deal with the technical facts. We
> push the idea of a network appliance. Power cable and network connections
> with perhaps a power switch on it. ;-)
>
> -----Original Message-----
> From: Wong Chun Meng [mailto:[EMAIL PROTECTED]]
> Sent: Monday, June 21, 1999 3:37 AM
> To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
> Subject: Why not watchguard 2 ? (read on)
>
> Seeing as the ongoing debate on "why not NT" is getting repetitive (on some
> points IMHO), why not use a blackbox to solve the problems of a
> weak/misconfigured OS. With a blackbox, you don't have to worry
> anymore on the OS (if you trust the stripped-down Linux OS in watchguard that
> is) but just the configuration of the firewall. So now we have the question,
> is watchguard 2 any good? Is it on par with Firewall-1 (on a solaris for nix
> sake) in terms of the firewall security (regardless of securing solaris ok)?
> I was hoping you guys can give me some input on this.
>
> As I see it, some of you guys might argue to have the ability to have some
> control over the OS. Why so? Is it really important to have full control of
> the firewall OS? I can think of one reason actually, but it's not really a
> big issue... so my question again, is it really essential?
>
> TIA for any input. I'm actually presenting this argument to some
> vendor/clients. So any comments are deeply appreciated.
>
> Wong.
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> -