Borderware - hardened BSDI based application level firewall that runs on
Intel hardware. Best I've used.
Raptor - it wouldn't be fair to compare this one as I used it on an NT
system and hated it...mostly due to NT performance problems.
PIX - excellent packet-filter firewall. Good first or second layer
defense in front of something like Borderware.
Netscreen - depends. If you are blocking all inbound traffic, it works
fine. One company I worked for spent $10K on a model that was supposed
to load balance to two webservers. After many man hours, Netscreen
admitted that the feature did not, in fact, work as advertised. Not my
favorite.
Netmax Firewall in a Box - very low end, dummy downed version of RH and
packet filtering (pretty front ends mostly). Didn't care for it much.
Generic Linux kernel 2.4 running IPTABLES - Like the PIX, an excellent
packet filtering firewall.
TIS Firewall Toolkit - venerable. Once upon a time, nice application
firewall. As far as I know, nobody maintains the code anymore.
SOHO level, Netgear isn't bad. But only appropriate for SOHO.
Now, let's dispense with the silly myth that firmware based appliances
are inherently superior. Misconfigurations happen. Bad policies are
created. And they only protect at the packet layer. They do not
protect your applications and are not as feature-rich as the application
firewalls that run on top of a hardened OS.
Nor are they inferior in and of themselves. Appliances have a place,
just as the OS based firewalls do. Instead of saying one is better or
worse, try implementing each in the appropriate place in your security
stack.
IMO,
bryan
---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
- Firewall Comparisons Joseph
- Re: Firewall Comparisons Matt Stern
- RE: Firewall Comparisons Bryan S. Sampsel
- RE: Firewall Comparisons Keith A. Glass
- Re: Firewall Comparisons Bryan S. Sampsel
- Re: Firewall Comparisons chort
- Re: Firewall Comparisons jamesworld
- Re: Firewall Comparisons salgak
- RE: Firewall Comparisons Mark McConnell
- RE: Firewall Comparisons DeGennaro, Gregory
- Re: Firewall Comparisons Tomas Wolf
- Re: Firewall Comparisons salgak
- Re: Firewall Comparisons salgak
