Hi,
On 21 Jan 00, at 14:17, li ming1 wrote:
> Some NEWBIE questions:
> Is there anyone using a hardware firewall?
Yes. Lucent Managed Firewall (http://www.lucent.com/security). There are
two parts: the hardware, a blackbox, called "Brick". It uses a dedicated
OS called "Inferno" (see http://www.lucent-inferno.com/inferno), is a
bridge level device and dedicated for dynamic stateful packet inspection,
VPN tunneling and NAT...
Management is done on a separate machine, the Security Management Server.
Runs on Windows/NT or Solaris.
> Would you please tell me why you use (or don't use) hardware firewall in detail?
We prefer dedicated appliances, in contrast to firewalls based on general
purpose OS for the following reasons:
- more stability
- more security
- higher performance
- ease of use
> Since hardware FW can perform several thousands of rule matching
> operations in parallel, does this mean hardware FW always
> has more throughput?
Not necessarily. You can for example install Checkpoint Firewall-1 on a
really *big* SPARCserver to get more throughput.
> Is Hardware FW more easy to use?
In this case, yes. Just bring in the box, attach cables. You generate a
boot disk for the first-time install. After that, the box gets its
configuration over a secure channel from the SMS. If you change units,
just put in the disk, so it takes 3 minutes to set it up in case of
failure or location moves.
> What's the current market situation? Is Hardware FW the trend of the FW?
Of course there is a trend. But it's not easy to generalize. Take Nokia:
their hardware solution is based on a reliable stripped-down PC with a
stripped-down Unix and Checkpoint Firewall-1 on them. They are known to
be quite stable and much easier to set up than a Solaris machine
(where you have to install OS, install a bunch of patches, harden the OS,
install additional security tools and then install FW-1).
In the low-price market, which gets more and more important, software
solutions rule the market...
Kind Regards / Mit freundlichen Gruessen,
--
Frank M. Heinzius MMS Communication AG .~.
mailto:[EMAIL PROTECTED] Eiffestrasse 598 /V\
http://www.mms.de 20537 Hamburg, Germany // \\
Phone: +49 40 211105-40 Fax: +49 40 210 32 210 /( )\
-- spam forbidden -- -- PGP key available -- ^^-^^