I have a Watchguard Firebox, and it makes a great firewall, unfortuantly the VPN features never seemed to work correctly for me (yes, I'm sure it was the way that I was configuring it, but I . In the end I ended up configuring a old workstation (P3 450, 256 MB of ram, and this is overkill) with OpenBSD to handle all my VPN applications. Eventually I plan on replacing my Watchguard with another OpenBSD box. Check out www.openbsd.com for more information.
Tim Donahue > -----Original Message----- > From: Thorsten Dampf -- 7stein.net [mailto:[EMAIL PROTECTED] > Sent: Friday, March 07, 2003 3:48 PM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: AW: Firewall recommendations? > > > Take a look at the watchguard products. www.watchguard.com > > Regards, Thorsten > > > > -----Ursprüngliche Nachricht----- > > Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Gesendet: Donnerstag, 6. März 2003 21:05 > > An: [EMAIL PROTECTED] > > Betreff: Firewall recommendations? > > > > > > > > > > I am in charge of researching a firewall to replace what we > currently > > > > have. At my previous job I had used Microsoft ISA in a low-security > > > > environment, and was happy with its features, and its > > integration with > > > > the Windows environment there. However, at my current job, > > security is a > > > > much greater concern, and I have to admit, I am somewhat > > uneasy running a > > > > Microsoft firewall product on top of a Microsoft OS. We also had > > > > investigated Checkpoint as well as Cisco Pix, and found that for our > > > > needs, the Pix at least seemed to need _many_ separate > > components for the > > > > same functionality. My question is what are your experiences > > with using > > > > ISA from a security standpoint? Usability issues? From the > > Mac end? Or > > > > would we be better off pursuing the Checkpoint or the Pix > > solution? We > > > > also plan on implementing VPN over whatever we choose, so if you > > > > recommend something other than these, it should support at > > least PPTP and > > > > perhaps eventually IPSec/L2TP. We have also considered placing ISA > > > > behind a Linux (or BSD) IP Chains firewall and our perimeter > > network to > > > > block some of the traffic from getting to ISA. Any comments > > here? Thanks > > > > to everybody in advance! > > >
