At 17:42 28.06.2000 +0100, Rui Pedro Bernardino wrote:
>
>My Sidewinder(s) 4.1 run on a hardened BSDi 2.0; I like BSDi (used it
>with Gauntlet), but I had a lot of problems running Sidewinder on newer
>hardware, although some patches improve that.
This of course was a big problem.
>Sidewinder 5.0 seems run on a newer version BSDi
Yes it does.
>but my vendor keeps, telling me it is too early to go for it.
>Taking aside "type enforcement" (which is quite neat actually) and a few
>SC add-ons, Sidewinder 4.1 is just a bundle of old free software with a
>gui. Perl 4, CERN (!?!?) httpd/proxy, outdated bind and sendmail
>versions (both have know serious bugs, thank god for type enforcement),
You're right, but the OS on a FW-1 box has lots of bugs too
(regardless if you use NT, AIX or any other) and the FW-1 itself
has also many bugs (fragmented IP-packet handling, spoofed ACK, ...)
>remote administration requires another SW or using unincrypted X...
The new version is more up to date and uses encrypted administration.
>Checkpoint's FW-1 runs pretty well, at least for my needs. It's fast,
>it's simple and if you take care, you can have a decent firewall out of it.
Yes it's easy and simple. But nobody says that anyone can install and properly
configure a Sidewinder. There must be a reason why anyone can buy and sell
FW-1
and SCC requires some training before you can sell a Sidewinder.
>Of course, it is still a nice packet filter with some add-ons.
The old religious war: packet-filter or proxy....
Best regards
O.Reeh
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
