"O. Reeh" wrote:
>
> At 10:45 06.06.2000 +0100, you wrote:
> >Ivan Fox wrote:
> >>
> >> Can Sidewinder replace Check Point? Any comments/suggestions are greatly
> >> appreciated.
> >
> >They are both pretty bad, but at least Checkpoint's has a nice GUI and
> >(mostly) does what it is supposed to.
>
> you should explain this a little bit
>
> >Sidewinder has nicer specs, although it is really a big piece of junk
> >made out of obsolete software on top of a tampered, once nice but now
> >mostly obsolete OS (BSDi 2.0, two version behind recent releases).
>
> Sidewinder is based on BSDI 4.1, so don't talk about products when you
> don't know them
My Sidewinder(s) 4.1 run on a hardened BSDi 2.0; I like BSDi (used it
with Gauntlet), but I had a lot of problems running Sidewinder on newer
hardware, although some patches improve that. I figure you may check
your BSDi's version during the install process.
Sidewinder 5.0 seems run on a newer version BSDi, but my vendor keeps
telling me it is too early to go for it.
Taking aside "type enforcement" (which is quite neat actually) and a few
SC add-ons, Sidewinder 4.1 is just a bundle of old free software with a
gui. Perl 4, CERN (!?!?) httpd/proxy, outdated bind and sendmail
versions (both have know serious bugs, thank god for type enforcement),
remote administration requires another SW or using unincrypted X...
Checkpoint's FW-1 runs pretty well, at least for my needs. It's fast,
it's simple and if you take care, you can have a decent firewall out of
it. Of course, it is still a nice packet filter with some add-ons.
I really believe that SC *tried* to deploy a product that looked nicer
on the specs than FW-1 but they got just that. Perhaps 5.0 will prove
i'm wrong.
Regards
--
Rui Pedro Bernardino / Av. Miguel Bombarda, 4, 8o / 1049-058 Lisboa /
Portugal
A Fortran compiler is the hobgoblin of little minis.
S/MIME Cryptographic Signature
