Evan,

You should look at the Sidewinder firewall (www.securecomputing.com).  It
is an excellent ALG on a trusted OS.  They did a lot of improvements with
the GUI and it has always been a very secure firewall.

1.  Protect a small network of ~40 computers from prying eyes outside of
the company. Certain files getting in the wrong hands would be disastrous
to our business.

You can get a 100 user license for about $4,000.

2.  Prevent DoS attacks to our website when it becomes operational.

You can DoS any box so I am not going to say that the Sidewinder, itself,
cannot be DoSed but it should stop your webserver from being DoSed in most
cases.

3.  Allow VPN access to our network from home for 1-3 people.

It can do this.

4.  Have configurable rules, ala FW1, that would let me see exactly what is
and is not blocked.

This is the most configurable firewall I have seen.  All of the rules are
shown and can be changed/deleted/created in the GUI.  There are some
excellent logging options and tcpdump which will help you troubleshoot
problems.

5.  Allow rules to be created that deny certain inside-out access, such as
users using AIM, etc...

Anything not allowed is denied by default.  Anything that you can create as
an allow rule you can also create as a deny rule.

6.  Run on a relatively secure platform (or one that can be made secure)
(preferably not NT, though I don't know how far that's come in this realm
since I was evaluating them. At that time, it was, "Stay the heck away from
running a firewall on NT").

The Sidewinder runs on a modified BSDi kernel with trusted OS features
built into it.


7.  Have a good service/support infrastructure. Software patches show up at
my door when they're released, or can be downloaded, a good support hotline
for help, and hopefully some local (Massachusetts) reps for onsite help at
times.

I think that their support is very good (I used to work for the company).
You can download patches or have them sent to you.  I do not think there
are local people in Massachusetts but they have people at Secure Computing
who will fly out to your site.

Regards,
Jeffery Gieser




                                                                                       
              
From:     ebrastow@automatedemblem.com
Sent by:  firewalls-owner@Lists.GNAC.NET
Date:     05/14/2001 06:29 PM
To:       [EMAIL PROTECTED]
cc:
Subject:  Need some pointers/recommendations



Hi,

I've been running Checkpoint FW-1 on a FreeBSD/Nokia box for a while here,
and while I like the product technically, I think I am finally at that
point where I am fed up with the support/services/reseller infrastructure
behind it and would like to look at other options.

At the time that I was evaluating firewalls back in December of '98, the
two biggest stateful inspection firewalls were FW1 and PIX. Raptor was
considered to be the best app proxy firewall. I guess my question is, what
would you guys say is now the best firewall solution outside of FW-1??

Okay, I know that's a silly question, like all "what's the best?"
questions, it would depend on my needs. Let me give you some idea of what
I'd like it to do, in no particular order:

1.  Protect a small network of ~40 computers from prying eyes outside of
the company. Certain files getting in the wrong hands would be disastrous
to our business.
2.  Prevent DoS attacks to our website when it becomes operational.
3.  Allow VPN access to our network from home for 1-3 people.
4.  Have configurable rules, ala FW1, that would let me see exactly what is
and is not blocked.
5.  Allow rules to be created that deny certain inside-out access, such as
users using AIM, etc...
6.  Run on a relatively secure platform (or one that can be made secure)
(preferably not NT, though I don't know how far that's come in this realm
since I was evaluating them. At that time, it was, "Stay the heck away from
running a firewall on NT").
7.  Have a good service/support infrastructure. Software patches show up at
my door when they're released, or can be downloaded, a good support hotline
for help, and hopefully some local (Massachusetts) reps for onsite help at
times.

Thanks for any ideas you could throw my way...

Evan
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]



