At 12:34 14/05/01 -0500, Martin Hoz wrote:
>?
>I don't got it. Could you comment a bit more on this, please?
Was meaning that the first thing one look at is not the gui. In other words,
different FWs have different levels and different functionalities. Even though
today FWs are less different than they use, you still have different hardware,
and some implementation diffs that make people choose this or that.
>I never said that.
>
>I mean the GUI, not the firewall. FW-1's GUI is the best one I've seen,
>easy-to-use (a few click and it's done), and powerful-to-deploy (allows
>me to make very granular changes in my security policy.
FW1 was to be the best gui when other products did not have a "real" gui.
but there are two points:
- since then, nice GUIs have been developped for other products.
for ipf/iptables/ipchains for example, you now have many GUIs available.
- The second point is that when the FW is extremely configurable, the GUI
will be more difficult to use than if not. For example, on a proxy based FW
where you can configure almost anything, it is normal to find too many things
in the GUI, which makes it harder to use, but there's not much to do about it.
You will not necessarily reject a proxy based FW just because it is harder
to admin...
> >
> > why would you think openbsd+ipf wouldn't be?
>
>I never said that. But AFAIK; openbsd+ipf does not have a GUI:
there are GUIs for ipf (note ipf=ipfilter). Some of these are multi-filter
and support ipf+ipchains+iptables.
>Nope. I've experience with some firewalls around (including these, SunScreen,
>
>Gauntlet, FWTK and others).
>It's simply my experience what I'm talking about...
I understand. I have no exp with sunscreen (I thought they have a nice
GUI!). the FWTK
is not really supported (NAI aren't TIS) so you can't ask for a GUI. The
Gauntlet is a
proxy based FW so what I said above applies. But then if I had to choose
between
a packet-based or a proxy-based FW, I wouldn't put the GUI in the balance (it
would be an argument only if other args don't suffice to select). I mean that
some people want proxies when others want filters.
cheers,
mouss
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
