Well, I don't know how it is in V4.0, but under version 3 the FW-1 stuff
stunk. There were things that didn't work and there weren't many people
recommending that as a solution. I experienced the joy of using one
only once (after using on Solaris). It seemed like there were more OS
patches than OS by the time we were done, then some things still didn't
work (I think it was the IPSEC stuff, ended up using FWZ1). I was
trying to use it as one end of a VPN.
Philosophically, I tend toward appliances wherever possible. Having a
general purpose OS performing as a router (for instance) isn't usually
an optimal situation. A possible exception to this is probably the
Nokia box with fw-1. It is reportedly very sprightly on the network i/o
using (I believe) the FreeBSD tcp stack. The Crisco PIX has come a long
way since it's inception and I haven't played with it lately. It was
basically only a NAT box when I last fiddled with it. I understand it
groks stateful inspection now and if I were in the market for a
different firewall setup, it would be on the list of evals.
"Intrinsically lazy, therefore creative"
PGP Fingerprint: 22 68 D5 18 7F 3D D2 28 38 97 90 97 17 55 61 59
GPG Fingerprint: D5C0 2D79 F517 EEB6 D30B 58B3 9E37 E7CA 47A9 56EE
On Wed, 22 Sep 1999, Lana wrote:
> I am looking for opinions on the pros and cons of PIX vs. FW-1 by
> CheckPoint.
> My vote is for the PIX because than I can free up the NT server for
> something
> else. My boss is leaning toward the software solution. Opinions?
>
> Thanks,
>
> LS
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
