DISCLAIMER: This is my personal opinion and does not constitute the opinion
or policy of Marconi in any way, shape, or form. At all. In fact, I wouldn't
even read this message - I'm probably lying just to trick you - security
guys do that all the time.
The Gauntlet E-ppliance has been dogged with some "weird issues" and is a
little "fragile". I don't think this box meets the criteria of an
"appliance" at all - if you're trying to install one without Solaris
expertise then you're taking some big chances. You could go NT, but the NT
product is no longer being developed. If you add to this the repeated
complaints about NAI's declining level of technical support that you can
find on the gauntlet list, I would tread very carefully if selecting this
platform. The VPN setup and interop seemed fairly intuitive, with decent
debugs available - I only tested interop with IOS, though, which I know
well.
Checkpoint in general has always had a rep for "easy to use, moderately
sucky for security". That's about how I find it. The track record of the
product should make you a little nervous if you're using it for a
high-security target. If you don't know if you're have a high-security
target then you probably don't - forget I mentioned anything, you'll be
fine. FW-1 has its own bag of strange issues, but due to the very high
takeup of the product it's amazingly easy to solve complex problems with
very little product experience (assuming you understand all the priciples)
because of the depth of support online and in mailing lists. VPN interop is
good - I've tested with PIX and IOS with no real problems.
All in all, if it weren't for the stories about bad experiences flying about
concerning Gauntlet support, I would have no _major_ problems with
Checkpoint up front and Gauntlet at the back, terminating VPN traffic on the
Gauntlet. Your life is very likely to be hell, though, unless you have good
staff available or contracted to install and maintain the solution. My chief
concern about Gauntlet is not the technology, though.
Cheers,
--
Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 20, 2001 2:23 AM
> To: [EMAIL PROTECTED]
> Subject: PIX vs Gauntlet vs Checkpoint FW1
>
>
> Hi,
>
> We currently have a cisco solution for our firewall and vpn. We are
> re-evaluating our firewall and vpn solution and are looking
> at PGP e-ppiance
> (Gauntlet) and Checkpoint. I would like to get opinions from
> those who have
> used these products or have evaluated them. We have a microsoft
> environment. I would like to know the strengths and weaknesses of the
> firewall features and also how interoperable the VPN solution is.
>
> Thanks.
> Diana
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
