On Tue, Aug 17, 1999 at 10:38:23PM -0500, Jason LaFlair wrote:
<SNIP>
> We will be laying a T1 line into our building. We need to protect (allow
> nothing in) our current NT server and open up our new NT internet box for
> the web and e-mail (the web and e-mail MUST be NT).
>
> Firewalls of interest:
>
> Watchguard
> Check Point Firewall-1
> Cisco's PIX
The answer to this question is in two parts:
1) What does the firewall have to do and can each of the products do it
2) Which one do you know best or the consultants you will be using know best.
For question 1 I think you'll find that in most situations with most normal levels of
threat all these products will fulfill the requirements. In fact I would say that for
most people the product chosen has much more to do with the skill of the implementor
than with the capabilities of the firewall.
The answer to question 2 really tells you which product to use as a firewall is only
as secure as the weakest link: and that link is normally the human
configuration/interaction ;-) So if you are doing the implementation and you know
cisco IOS then the shortest jump might be to PIX: OTOH if you hire someone to do it
they are likely to have lots of experience with FW-1.
I think that the 'per seat' chargest on MS stuff is for people logging into a domain
so has nothing to do with a web site so you should be fine with the normal 5 user
license.
Best wishes,
Steve
--
"Hacker, terrorist, pornographer, drug trafficker,"
"That's it -- the four horsemen of the Apocalypse."
J.Granick referring to the US publics fears.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
