Network Computing recently published an article listing differences between types and
brands of firewalls. You may consider visiting
http://www.networkcomputing.com/1023/1023f1.html to see their review.
Thanks,
-Dave
----------
From: [EMAIL PROTECTED][SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, November 30, 1999 7:52 PM
Cc: [EMAIL PROTECTED]
Subject: Re: Firewall appliances
Thanks to all for the feedback on firewall appliances. Feelings are mixed.
Some people like appliances, but a lot of people mentioned that these
devices are lower end or less secure than other firewalls. Some people are
also turned off by the fact that the hardware and software are often
proprietary (people mostly mentioned Lucent, Cisco, and NetScreen -- partly
because I named some of these in my e-mail, I guess).
One of the issues we're trying to address (there are many) is what to do
with DSL users and other remote locations (1 to 5 person offices). These
offices generally have two needs -- Web access and VPN to our office. No
incoming traffic will be allowed into these offices, and only limited things
will be allowed outgoing. Features like being able to stop Java and ActiveX
incoming are great but my impression is that this isn't so much a
differentiating factor as most firewalls offer protection along those lines.
I'd add that these devices should have decent logging options, and that
there should be some way to manage all of these devices centrally. With
these needs, I'm not sure how bad proprietary solutions are, nor am I sure
that it matters that these firewalls are not as feature-rich as other
firewalls. However, I'm open to hear differing opinions.
Another issue we're trying to address also has to do with remote users and
offices. Most of these users (dial-up, DSL, frame-relay, VPN, etc.) only
need access to a subset of servers, and we'd like to put these on their own
subnet separated from the main network by a firewall. The problem is that
these servers are also in use by the people on-site (people on-site often
have access from home, so trying to create two separate groups may be
difficult), and that traffic to these servers can be intense (the Exchange
server would choke if it were limited to 10 MB/s). I'm really not sure how
many software-only firewalls can deal with this kind of traffic. Does
anyone have insight on this (either fast firewalls or the idea of separating
out servers for remote users)?
Thanks!
Jen
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
