Andy Beer wrote:
>
> Thread,
>
> I use Gauntlet and like it alot. By nature, a proxy firewall should
> be more secure then a stateful packet filter (FW-1). However, now
> Gauntlet has added that capability has well. The GUI administration
> for FW-1 is strong then Gauntlet, although it was just upgraded. Has
> anyone compared these two firewalls and does anyone have any
> opinions? Thanks in Advance.
I've installed and used Gauntlet 3.0 to 4.1 (on IRIX and BSDi), fwtk
version 1.? and 2.0 and really loved them all. Ok, the GUIs on the
Gauntlet 4 did stop working on most browsers (mostly JAVA fault, I
figure), but the firewall's kept on working.
Enter Gauntlet 5.5 on NT... awfull documentation (mostly copy paste from
older versions), lots of "packet-filter" features, *lots* (and I mean
LOTS) of bugs (I'll mention one that comes at the end of the README: if
you use hostnames in any of your rules, SMTP proxy will stop
working?!!??!), no support at all at NAI site, some services just don't
work, random reboots and service halts. Just avoid it.
Checkpoint's FW-1 has lots of weird "features", but they are mostly well
documented and you can get lots of information on the Internet. Ok,
"stateful inspection" isn't as safe as "application gateways", but "the
safest firewall" is using it too.
My opinion? Stick with old but mostly reliable Gauntlet. That's what
I'll do.
Regards,
--
Rui Pedro Bernardino / Av. Miguel Bombarda, 4, 8o / 1049-058 Lisboa /
Portugal
If I don't see you in the future, I'll see you in the pasture.
S/MIME Cryptographic Signature
