I've looked a Gauntlet before, and it appears to be pretty secure, although
very slow. I had it running on a Sun Ultra 250 over here, and the
performance was not a good as Raptor.
As far as Sidewinder is concerned, they claim that, like raptor, it is an
application proxy. It's the most important thing I'm looking for in a
Firewall. I wouldn't even consider it if they didn't make that claim. Of
course, management wants to go with Checkpoint FW-1 and I'm trying to
convince them that it's a bad idea.
And in regards to Raptor EC (AKA Altavista Firewall), I got to play with it
a couple times, and I was not impressed, especially with it's VPN
functionality. It created separate interfaces for each VPN license
configured on the box. They may have changed that since I last looked at it
though. It also runs on Alpha NT as well, but I would use TRU64 before that
any day.
-----Original Message-----
To: 'Jeremy Melanson'
Subject: RE: Secure Computing Sidewinder...
You do realize that moving from Raptor to Sidewinder represents a complete
paradigm shift, I hope? Sidewinder is generally considered a packet
filtering (screening) firewall, whereas Raptor is generally a proxy
firewall. This could have implications on how your entire network is
configured for IP, depending on if you are doing NAT on the firewall, or
through a router behind the firewall. Make sure you fully research the
entire impact of the change before moving into action.
One thing you'll also want to research is which type of firewall best meets
your needs. Assume that in all situations you have NAT running. Then you
only have to consider publicly available servers and outbound web traffic
(aside from your VPN connections, possibly). Port filtering is fast, but it
can be fooled. Proxy isn't as fast, but it does a lot more for you,
literally terminating the TCP connection on one interface and opening a new
connection on the other interface. Stateful inspection (aka Circuit
Gateway), such as Checkpoint, is essentially a filtering firewall, with the
exception of examining the entire state of the connection, often
reassembling streams, to a point, to determine if anything malicious exists,
before forwarding.
That being said, you might want to look at Gauntlet as an alternative. Also,
AltaVista 98 was purchased by Axent and renamed Raptor EC. If it's being
sold, that would probably suit your needs, too, though it may only run on
Compaq Tru64. One thing you'll find, however, is that there are no silver
bullets for VPNs. It's still a rather immature field.
-----Original Message-----
To: [EMAIL PROTECTED]
Subject: Secure Computing Sidewinder...
Has anyone had any experience using Secure Computing's Sidewinder firewall?
Anything good or bad about it?
I'm looking to replace my Raptor 6.5 NT installation with a Sidewinder
installation. Raptor has some serious problems with it's VPN product (Mainly
accessing NT shares and such) which I have been told has a patch currently
being developed for it (which I was told 6 months ago and still haven't eard
or seen anything about it).
Any input on Sidewinder would be greatly appreciated.
:-)
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
