|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Unbaised Firewall-1 vs Pix Reviews ??
Guys, I don't mean to be rude here, but can you take this dicussion offline or on a general firewall mailinglist, this list really is only meant for discussions about Firewall-1, and not everyones theory of what the best firewall is. If we needed this info, we'd go discuss it at alt.comp.security or something on the newsgroups. Thanks. ----- Original Message ----- From: <[email protected]> To: Gibson, Brian <[email protected]> Cc: <[email protected]> Sent: Friday, February 09, 2001 12:25 PM Subject: RE: [FW1] Unbaised Firewall-1 vs Pix Reviews ?? > > Is this any better with FW-1? I don't see how. > > But I am likely missing something. > > On Fri, 9 Feb 2001, Gibson, Brian wrote: > > > The problem is scale. If you only have a couple of Firewalls then any > > number of products will do the job. > > > > What happens, however, when you have 30 Firewalls? How do ensure that each > > Firewall has the right rule base on it? How do you properly troubleshoot > > problems without having your "guru" constantly inundated with accusations > > that the firewalls were stopping certain types of traffic? > > > > > > > > > > -----Original Message----- > > From: [email protected] [mailto:[email protected]] > > Sent: Thursday, February 08, 2001 10:10 PM > > To: [email protected] > > Subject: RE: [FW1] Unbaised Firewall-1 vs Pix Reviews ?? > > > > > > > > I propose that it takes approximately the same amount of effort and time > > to PROPERLY install solaris w/FW-1 compared to OpenBSD w/ipf. > > > > PROPERLY I said. > > > > The default install of OpenBSD is way more secure then Solaris. ipf is > > marginally harder to configure then FW-1. Not THAT much harder, its just > > CLI which some people are scared of. > > > > > > On Fri, 9 Feb 2001, Dean Cunningham wrote: > > > > > > > > Not knowing IPF.......... > > > > > > How does ipf etc handle services like oracle8 or netmeeting, secureremote > > > equivilent, OSPEC third party equivilents? > > > Price is never $0, can you say your time spent on each is equal, now that > > > you know both? > > > Which took longer for you to learn? > > > What was your background in O/S's? > > > What is your companies infrastructure like would either of them fit in > > > better from a support or maintanence perspective? > > > > > > I do not expect you to answer any of these questions, just pointing out > > that > > > the $10,000 question is not one that can be resolved by a simple answer. > > > > > > Each site where a firewall is installed has it own issues and needs and > > the > > > $10k may well be soaked up (an then some) by lack of foresight and > > planning > > > with regard to the bigger picture or the need to hire additional resources > > > to manage the firewall effectively. > > > > > > regards > > > Dean > > > > > > -----Original Message----- > > > From: [email protected] [mailto:[email protected]] > > > Sent: Friday, 9 February 2001 2:39 PM > > > To: [email protected] > > > Subject: Re: [FW1] Unbaised Firewall-1 vs Pix Reviews ?? > > > > > > > > > > > > On Thu, 8 Feb 2001, Jason Costomiris wrote: > > > > > > > On Thu, Feb 08, 2001 at 03:08:41PM -0500, [email protected] > > wrote: > > > > : Can onyone tell me why I would pay BIG money for the checkpoint > > > > : license? When I could put that money towards a load balancing > > > > : switch?(which alot of ppl do anyway!) > > > > > > > > It's not THAT big of a bill. Compared with the cost of lost business > > and > > > > lost confidential information, even the unlimited version is cheap. > > > > > > Granted. But $10,000 compared to $0? I have never done an install with a > > > limited license and so I don't know pricing on that.... In the situations > > > I have had to deal with it makes more sense to have two people that know > > > the product (two admins are needed, at minimum for sanity checks) which > > > would make your point below moot. > > > > > > AND! by your own arguement, are knowledgeable checkpoint engineers THAT > > > easy to come by? Heck, I'm dealing with an SE from Checkpoint right now > > > that doesn't know.... much... atleast about CheckPoint Firewall-1 > > > > > > > > > > > : And before anyone mentions this, I ackowledge that the TCO for a free > > > > : firewall is higher, but then again, should you have a firewall admin > > who > > > > : is capable enough to do this? > > > > > > > > Can you absolutely count on that one person to remain in your company's > > > > employ forever? Arguing that you should have someone proficient in > > > > netfilter||ipf has a hole in it about the size of your average > > 18-wheeler. > > > > Suppose the person leaves, who can you call for help in your hour of > > need > > > > until you get your next guru? Maybe you've got someone, maybe you > > don't. > > > > You need to evaluate how much risk you're willing to take. > > > > > > > > > > > > > > > > > > > > -- > --Paul > > > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
