When implementing hard-ware based load balancing and fail-over using, e.g.,
RADWare's fireproof, Foundry Network's ServerIron and F5's BigIP (?),
someone commented that it is firewall sandwich approach. More devices are
involved. In addition, one should be aware of the active/passive or
active/active standby servers!
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "Anton Heyns" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, August 17, 2000 10:55 AM
Subject: RE: Redundant firewall
>
> Anton,
>
> #I`m not sure if this is the right forum but here goes anyway. I`ve
noticed
> #that most of you use FW-1. I am currently looking at implementing a
> firewall
> #and have tested the Lucent solution ("The Brick") which I found easy to
> #implement as well as having a high level of security. I would appreciate
> any
> #advice on experiences regarding solutions and suppliers as well as
> gradings
> #on the different solutions.
>
> I looked at the Lucent Managed Firewall and it did seem pretty
> interesting. It is hard to suggest a firewall when I have no idea about
> your site needs. So, I will just tell you about my favorite firewall.
The
> Sidewinder is an application-layer gateway that runs on a trusted
operating
> system called SecureOS. This is actually the BSDI 4.1 kernel for
> Sidewinder 5. The Sidewinder engineers reviewed the BSDI code for
security
> bugs and placed mandatory access controls (Type Enforcement) in the OS. I
> have yet to see a firewall with more application layer proxies than
> Sidewinder 5.0. It has split DNS. It also has two sendmail servers for
> mail relay and some pretty advanced mail filtering capabilities that slow
> the box down way to much to use. Sidewinder 5 has a Squid proxy server.
> There is URL filtering built-in. The Sidewinder is slower than a
> Firewall-1 running on the Nokia platform but has improved in speed a lot
> with Sidewinder 5. There is a good load balancing solution with Radware's
> Fireproof. You do need to know UNIX, DNS, and routing as well as a little
> bit about Sendmail to adminster this. I don't think I would say that the
> Sidewinder is easy to implement but Secure Computing has some excellent
> consultants that will install it for you.
>
> Some vendor sites for firewalls:
> Sidewinder (www.securecomputing.com)
> Cyberguard (www.cyberguard.com)
> Firewall-1 (www.checkpoint.com)
> Guantlet (www.nei.com)
> Raptor (www.axent.com)
> BOrderware (www.borderware.com)
> PIX (www.cisco.com)
>
> Or, there is always IPFilter on OpenBSD or IPChains on Linux if you want a
> solution with minimal upfront costs.
>
> Regards,
> Jeffery Gieser
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
