[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] Unbaised Firewall-1 vs Pix Reviews ??
Title: RE: [FW1] Unbaised Firewall-1 vs Pix Reviews ??
The problem is scale. If you only have a couple of Firewalls then any number of products will do the job.
What happens, however, when you have 30 Firewalls? How do ensure that each Firewall has the right rule base on it? How do you properly troubleshoot problems without having your "guru" constantly inundated with accusations that the firewalls were stopping certain types of traffic?
-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Thursday, February 08, 2001 10:10 PM
To: [email protected]
Subject: RE: [FW1] Unbaised Firewall-1 vs Pix Reviews ??
I propose that it takes approximately the same amount of effort and time
to PROPERLY install solaris w/FW-1 compared to OpenBSD w/ipf.
PROPERLY I said.
The default install of OpenBSD is way more secure then Solaris. ipf is
marginally harder to configure then FW-1. Not THAT much harder, its just
CLI which some people are scared of.
On Fri, 9 Feb 2001, Dean Cunningham wrote:
>
> Not knowing IPF..........
>
> How does ipf etc handle services like oracle8 or netmeeting, secureremote
> equivilent, OSPEC third party equivilents?
> Price is never $0, can you say your time spent on each is equal, now that
> you know both?
> Which took longer for you to learn?
> What was your background in O/S's?
> What is your companies infrastructure like would either of them fit in
> better from a support or maintanence perspective?
>
> I do not expect you to answer any of these questions, just pointing out that
> the $10,000 question is not one that can be resolved by a simple answer.
>
> Each site where a firewall is installed has it own issues and needs and the
> $10k may well be soaked up (an then some) by lack of foresight and planning
> with regard to the bigger picture or the need to hire additional resources
> to manage the firewall effectively.
>
> regards
> Dean
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Friday, 9 February 2001 2:39 PM
> To: [email protected]
> Subject: Re: [FW1] Unbaised Firewall-1 vs Pix Reviews ??
>
>
>
> On Thu, 8 Feb 2001, Jason Costomiris wrote:
>
> > On Thu, Feb 08, 2001 at 03:08:41PM -0500, [email protected] wrote:
> > : Can onyone tell me why I would pay BIG money for the checkpoint
> > : license? When I could put that money towards a load balancing
> > : switch?(which alot of ppl do anyway!)
> >
> > It's not THAT big of a bill. Compared with the cost of lost business and
> > lost confidential information, even the unlimited version is cheap.
>
> Granted. But $10,000 compared to $0? I have never done an install with a
> limited license and so I don't know pricing on that.... In the situations
> I have had to deal with it makes more sense to have two people that know
> the product (two admins are needed, at minimum for sanity checks) which
> would make your point below moot.
>
> AND! by your own arguement, are knowledgeable checkpoint engineers THAT
> easy to come by? Heck, I'm dealing with an SE from Checkpoint right now
> that doesn't know.... much... atleast about CheckPoint Firewall-1
>
> >
> > : And before anyone mentions this, I ackowledge that the TCO for a free
> > : firewall is higher, but then again, should you have a firewall admin who
> > : is capable enough to do this?
> >
> > Can you absolutely count on that one person to remain in your company's
> > employ forever? Arguing that you should have someone proficient in
> > netfilter||ipf has a hole in it about the size of your average 18-wheeler.
> > Suppose the person leaves, who can you call for help in your hour of need
> > until you get your next guru? Maybe you've got someone, maybe you don't.
> > You need to evaluate how much risk you're willing to take.
> >
> >
>
>
--
--Paul
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
