This I have to comment on,
WHY IN THE WORLD DO COMMERCIAL FIREWALL VENDERS DECIDE THAT YOU HAVE TO
HAVE TWO MACHINES TO RUN A FIREWALL??????
nowdays you need one box to run the firewall and a "management" box to
configure the firewall (and most of them require that the management box
be a NT machine even you are installing the unix versin of their firewall.
I undestand that it is a "nice option" to be able to configure your
firewall without having to go to the computer room and log into the
firewall, but why is it becoming mandatory?
for that matter, while a GUI is handy, especially for beginners, why have
all the firewall endors now made it so that it is not possible work
without a GUI? Last I checked X was not considered a "safe" protocol, but
now it is _REQUIRED_ to be run on your firewall!
As for GUI being the "proper" or "best" way to configure a firewall, that
very much depends on what you are doing. I am in the process of replacing
a firewall based on the FWTK with a Raptor firewall`, this is an internal
firewall that is passing odd stuff so I am limited to useing the plug-gw
or Generic Service Proxy (I realize this provides limited security, but it
does port/IP limits and IP isolation, no non-custom proxy or firewall will
do any better) With the FWTK I needed to add 1 line to two files (proxy
config and startup) and much of this can easily be scripted with Raptor I
need to go to 5-6 different windows and make ~30 mouse clicks that cannot
be scripted to do the same thing. But Raptor is "better" it is "easier to
manage" becouse it is a commercial product and has a nice GUI
end of rant.
David Lang
On Fri, 21 Jan 2000, Frank Heinzius wrote:
>
> > geologically unstable areas. Flash is still very expensive compared to
> > disk, and I haven't seen any of the appliance manufactures address local
> > logging without using a hard drive.
>
> Logging shouldn�t be done on the appliance...loginfos should be sent to
> the management server.
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
