Hello All,
> Does anybody have any comments on Lucent firewalls?
> Good or bad.
> I am particularly interested in finding out if their
> high availability features are credible.
I have been a happy user of the Lucent Firewalls for quite some time now.
The current documentation regarding the High Availability option for the
management server is actually outdated.
http://www.lucent.com/livelink/163095_FactSheet.pdf
The High Availability option described in this document still needs 3rd
party software, while that is actually not needed anymore with the
Lucent Security Management Server version 6.0.
With the release of version 6.0 you can now have various management servers
in different locations working together using a master/slave scenario.
Every Lucent Firewall (BRICK) can be configured with its own preferred
management server and a backup server, as soon as the firewall cannot
contact the preferred server it will contact the backup server and vice
versa.
All management stations are synchronised on regular intervals.
So my opinion is that indeed the High Availability option of version 6
is incredible.
Also with release 6 Lucent has now included state sharing for redundant
firewalls which prevents sessions from getting torn down due to a firewall
failover.
Some other interesting features are VLAN support and H.323 processing.
(dynamic opening of ports etc)
The Lucent failover implementation is extremely fast and smooth, the only
problems I have seen were due to switch limitations and not caused by the
firewalls (the only failovers I've experienced so far were due to human
error "what is this powerplug connected to?... oops..." etc.)
One last thing I would like to add is regarding the interface and the
use of zones.
At first it takes a bit of getting used to since most firewalls are based
round 1 central ruleset or 1 ruleset per interface.
Lucent has come up with a "zones" structure that completely obsoletes
the interface based/central ruleset, since it provides a neat way of
logically organizing rules in a virtually unlimited fashion.
This also gives you the option to have various admins in charge of different
parts of your firewall config and rulesets can be shared by multiple firewalls
which makes it real easy to deploy and manage multiple (in my case 50+)
firewalls in a short period of time.
It feels a bit strange in the beginning after working with Checkpoint/Cisco
PIX before but when you get used to it (in a day or 2) you'll appreciate
the natural user interface and flexibility.
Have a look at this location for the various types of firewalls:
http://www.lucent.com/products/solution/0,,CTID+2012-STID+10080-SOID+1201-LOCL+1,00.html
I have been using the Lucent firewall family for almost 2 years in bridged,
routed and mixed situations.
For any further information, feel free to contact me.
Greetings,
Diederik