Checkpoint firewall is not a product of IBM. It is one of a few firewalls
that run on AIX and so IBM sites are remiss not to look at it if they want
to use a consistent AIX platform. This does mean the IBM FW product
is deficient. It means IBM want to sell more RS6000s
I have installed and deployed Checkpoint, IBM/AIX FW, Raptor and Gauntlet many
times and find the IBM firewall to be very strong in its capability to allow
the administrator to fine tune the filter. The capabilty to determine logging
detail is also very strong. The filters, are "stateful" in that they
look at packet detail on each interface and in each direction on that interface.
It is true that you should have a clear understanding of tcp and a clear
understanding of what you are doing. I agree that it should not be anyone's
first firewall experience if requirements are nontrivial. It is also
true that once you have a sucessful installation, you have increased knowledge,
not only of the product, but of the tcp protocol as well.
BTW: the newer versions have been written with a GUI that helps
new users who are doing very basic type configurations.
It is a solid product that is competively priced. I do not sell products
only services, so this is not a pitch.
Karen Duncanson, CISSP
Annalogic Solutions Inc.
810-518-1406
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
