We run Symantec (Axent) Raptor on a Solaris platform (twin 296MHz Sparc CPU, 512MB RAM). We support 5,000 users and 1.3 million hits (files) a day, 2/3 internal users, 1/3 visitors to our web sites. It rarely gets above 40% CPU usage so capacity is not too much of a problem. This gives about 700MB of log files a day.

It seems to have fairly strict proxying since it kicks out the Microsoft feat command on FTP and hotmail last summer when they switched to Win2K (where web pages didn't have trailing CR?LF after headers). Complaints have been made because it enforces TLS HELLO when proxying HTTPS (causing applications trying to send binary through HTTPS to fail).

Configuration is OK when using a GUI but impossible other than with GUI and with files not well documented. Although it allows remote management, one has to configure each firewall independently. No way to handle rules for a large number of firewalls in a distributed manner. Logfiles have a lot of information (but not completely documented) but it comes with no logfile analysis tools (there are third party tools available though). Configurations are hard to document (no cross reference utilities etc.) although this is better in latest version (Raptor 6.5).

Some proxies seem to be robust but others (Oracle SQLnet) are not. There are lots of complaints on Raptor support list (see http://www.firetower.com for back entries) about VPN compatibility. It is missing proxies for some common protocols (pop3, Winframe, SQL Server), but does have a fairly good IFS/NetBIOS proxy (which validates all CIFS commands) useful for allowing shares between server segment machines and internal databases. It has a DNS proxy that is a pain to configure because it uses /etc/hosts files with commands in the comments rather than BIND-style data files. The SMTP proxy can use RBL but it only allows HELO and 7 bit data, not very good for non-English headers.

We have an associated entity that runs Gauntlet. They have had many problems with configuration that allows spam relays and DNS problems. They do not have people resources to properly maintain it so have contracted out (SGI). This causes no end of finger pointing and delays in change management but I have not had to touch the metal yet.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Monday, January 29, 2001 18:54
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Firewalls - Raptor, Gauntlet, Sidewinder

Hi Ben,

I'd like to see a reasonable comparison as well - though I don't expect we'll really see it. From experience all three boxes work fine in so-called "normal" conditions...but fail miserably when the conditions are not "normal"...

Gauntlet seems quite good at supporting small offices, but fails without warning when you try and firewall a large org (read one org, 4500 staff at one site, 1.3 million http requests/day). NAI's support is useless since they now have so few skilled people left (we tried to get support for an unexplainable problem with the proxies dying - it was one week before Christmas - no consultants available to fly from Australia)... Raptor will possibly go the same way. Sidewinder has looked attractive to us, though lack of support in SE Asia is a problem.

Which brings us to FW-1... lots of support, even competing providers in places like Singapore... sure the program is not great and it installs insecure out of the box... but it's stable, not part of a big non-firewall conglomerate and there's lots and lots of support.

Mind you I'm still not keen on it, we'll probably go to a configuration where web traffic goes out through hardened squid based firewalls, incoming web traffic goes through to a DMZ made from FW-1 (outside) and Gauntlet (inside).. that way we get stable fast web access (squid), fast access for our customers (fw-1) and decent security for our internal networks..

Cheers,
Bret
