> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, 30 January 2001 10:24
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Firewalls - Raptor, Gauntlet, Sidewinder
>
[...]
> Gauntlet seems quite good at supporting small offices, but
> fails without warning when you try and firewall a large org
> (read one org, 4500 staff at one site, 1.3 million http
> requests/day). NAI's support is useless since they now have
> so few skilled people left (we tried to get support for an
> unexplainable problem with the proxies dying - it was one
> week before Christmas - no consultants available to fly from
> Australia)...
Seems to be a common complaint in this region. (I'm _in_ Australia).
> Raptor will possibly go the same way.
>
> Sidewinder has looked attractive to us, though lack of
> support in SEAsia is a problem.
I've had both of those thoughts recently.
> Which brings us to FW-1... lots of support, even competing
> providers in places like Singapore... sure the program is not
> great and it installs insecure out of the box... but it's
> stable, not part of a big non-firewall conglomerate and
> there's lots and lots of support.
>
>
> Mind you I'm still not keen on it, we'll probably go to a
> configuration where web traffic goes out through hardened
> squid based firewalls, incoming web traffic goes through to a
> DMZ made from FW-1 (outside) and Gauntlet (inside).. that way
> we get stable fast web access (squid), fast access for our
> customers (fw-1) and decent security for our internal networks.
*sigh* You're lucky - you only have one site. Imagine what it's like for
those of us who need to make recommendations on these products. I can't
believe I'm sitting here considering FW-1 as the least evil product, despite
being probably the worst in terms of security. If I could build a suite of
open source boxen (like your squid box concept, but also for mail, dns and
probably a SPF like ipfilter) then I'd be happy that I could produce a suite
of products that people could trust. Trouble is that someone would need to
pay me for a year while I worked out how to make it scalable for multiple
customers, centrally monitorable and policy configurable, build a support
capability etc.
> Cheers,
>
> Bret
Now I'm all depressed.
*sigh*
--
Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520 PGP Key ID: 0x1A86E304