Netfilter is not yet there because of the GUI and tools FW-1 has and Linux doesn't. And by tools, I don't mean software that some kids wrote, I mean tools that can interact with the firewall and with the rules, like virus scanning, VPN, IDS, etc. Checkpoint has standards for these, and Linux doesn't. In addition, there are products from Checkpoint that are hardware based and can surely outperform Linux on an x86 computer any day.
All in all, if someone is interested in moving and is afraid of the GUI stuff, then he can d/l a migration tool from FW-1 here: http://cp2fwbuilder.sourceforge.net/

* - * - *
Tzahi Fadida [EMAIL PROTECTED]
Technion Email: [EMAIL PROTECTED]
My Cool Site: HTTP://WWW.My2Nis.Com
* - * - * - * - * - * - * - * - * - *
WARNING TO SPAMMERS: see at http://members.lycos.co.uk/my2nis/spamwarning.html

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:linux-il-bounce@;cs.huji.ac.il]On Behalf Of Oded Arbel
> Sent: Monday, October 28, 2002 7:20 AM
> To: Hetz Ben-Hamo; [EMAIL PROTECTED]
> Subject: Re: big question: FW-1 VS. Linux security tools
>
> On Monday, 28 October 2002, 00:16, Hetz Ben-Hamo wrote 'big question: FW-1 VS. Linux security tools':
> > As it stands today - can Linux be considered to be FW-1 replacement? How
> > much Linux tools (iptables, etc) can do and what can't they do compared to
> > Checkpoint's FW-1? (and I'm not talking about the GUI)
>
> If you are not talking about the GUI, then by all means yes. Linux has been
> up-to-par with FW-1 ever since NetFilter came out with its stateful
> inspection methods. The Linux kernel now offers connection tracking, rate
> limiting, advanced routing, QoS and other neat features. Configuring it to
> behave is still a bitch though - that's what all those "firewall programs" out
> there try to do - offer easier configuration by autogenerating rules. None
> come close to the FW-1 GUI.
>
> While not being exactly a newbie compatible tool, the FW-1 GUI firewall
> builder provides very clear and easy ways to build a decent firewall w/o
> being a network security expert.
>
> > I'm NOT talking about VPN or extras like that. (btw - there's a rumor that
> > there's a Linux VPN client beta from Checkpoint - anyone knows where/how to
> > get it or buy it?)
>
> I've seen it a long time ago and it died a horrible death. I'm not aware of
> any resurrections as yet, but I'm not really following.
>
> --
> Oded
>
> ::.
>
> =================================================================
> To unsubscribe, send mail to [EMAIL PROTECTED] with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail [EMAIL PROTECTED]
