At 08:08 AM 2/29/00 -0500, you wrote:
>This is, by the way, one of the kinds of problems cited by those of us who
>believe that stateful inspection firewalls are generally insufficient for
>serious security. Every time you read marketing literature about how a
>Firewall-1 firewall is "application aware" think about this. Every time
>you read about all of the services that are "handled" by the firewall,
>think about this. This is the sort of thing that is difficult to get right
>in a packet screening firewall unless you are dedicated to rewriting
>TCP/IP in the content filtering engine.
>
>Everything is simpler and easier with a stateful inspection firewall,
>including shooting oneself in the foot.
So, what do you suggest then, for a client who wants a Windows NT based,
"Off the Shelf", commercial grade solution for roughly the same price?
We're currently running a FreeBSD, TIS FWTK solution which works _really_
well. It has been decreed however, that it is outdated and due for
replacement (I have no say in this decision). So... I've evaluated
Firewall-1 and Raptor. I found Raptor to be a low quality product, with
poor documentation, that didn't work as advertised. I've set up Firewall-1
for other clients, and it seems to be doing the job quite well. It's easy
to manage, and aside from the painfully slow logging interface, appears
quite reasonable. It works as advertised, and comes with good documentation.
Cheers!
Jon
-----------------------------------------------------------------
Jon Earle (613) 612-0946 (Cell)
HUB Computer Consulting Inc. (613) 830-1499 (Office)
http://www.hubcc.ca 1-888-353-7272 (Within Canada/US)
"God does not subtract from one's alloted time on Earth,
those hours spent flying." --Unknown
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
