|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Unbaised Firewall-1 vs Pix Reviews ??
And policies can use the "install on -> target" feature (rather than "install on -> gateways") to ensure that they cannot be loaded onto the wrong firewall. Saved me once or twice...... [email protected]@lists.us.checkpoint.com on 09/02/2001 20:58:23 Sent by: [email protected] To: [email protected], [email protected] cc: [email protected] Subject: RE: [FW1] Unbaised Firewall-1 vs Pix Reviews ?? Well yes. FW-1 has a centralized policy manager. All your rules are set up at one point. Much easier to set up and keep consistent and to audit. -----Original Message----- From: [email protected] [ mailto:[email protected]] Sent: Friday, February 09, 2001 3:26 PM To: Gibson, Brian Cc: [email protected] Subject: RE: [FW1] Unbaised Firewall-1 vs Pix Reviews ?? Is this any better with FW-1? I don't see how. But I am likely missing something. On Fri, 9 Feb 2001, Gibson, Brian wrote: > The problem is scale. If you only have a couple of Firewalls then any > number of products will do the job. > > What happens, however, when you have 30 Firewalls? How do ensure that each > Firewall has the right rule base on it? How do you properly troubleshoot > problems without having your "guru" constantly inundated with accusations > that the firewalls were stopping certain types of traffic? > > > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > Sent: Thursday, February 08, 2001 10:10 PM > To: [email protected] > Subject: RE: [FW1] Unbaised Firewall-1 vs Pix Reviews ?? > > > > I propose that it takes approximately the same amount of effort and time > to PROPERLY install solaris w/FW-1 compared to OpenBSD w/ipf. > > PROPERLY I said. > > The default install of OpenBSD is way more secure then Solaris. ipf is > marginally harder to configure then FW-1. Not THAT much harder, its just > CLI which some people are scared of. > > > On Fri, 9 Feb 2001, Dean Cunningham wrote: > > > > > Not knowing IPF.......... > > > > How does ipf etc handle services like oracle8 or netmeeting, secureremote > > equivilent, OSPEC third party equivilents? > > Price is never $0, can you say your time spent on each is equal, now that > > you know both? > > Which took longer for you to learn? > > What was your background in O/S's? > > What is your companies infrastructure like would either of them fit in > > better from a support or maintanence perspective? > > > > I do not expect you to answer any of these questions, just pointing out > that > > the $10,000 question is not one that can be resolved by a simple answer. > > > > Each site where a firewall is installed has it own issues and needs and > the > > $10k may well be soaked up (an then some) by lack of foresight and > planning > > with regard to the bigger picture or the need to hire additional resources > > to manage the firewall effectively. > > > > regards > > Dean > > > > -----Original Message----- > > From: [email protected] [ mailto:[email protected]] > > Sent: Friday, 9 February 2001 2:39 PM > > To: [email protected] > > Subject: Re: [FW1] Unbaised Firewall-1 vs Pix Reviews ?? > > > > > > > > On Thu, 8 Feb 2001, Jason Costomiris wrote: > > > > > On Thu, Feb 08, 2001 at 03:08:41PM -0500, [email protected] > wrote: > > > : Can onyone tell me why I would pay BIG money for the checkpoint > > > : license? When I could put that money towards a load balancing > > > : switch?(which alot of ppl do anyway!) > > > > > > It's not THAT big of a bill. Compared with the cost of lost business > and > > > lost confidential information, even the unlimited version is cheap. > > > > Granted. But $10,000 compared to $0? I have never done an install with a > > limited license and so I don't know pricing on that.... In the situations > > I have had to deal with it makes more sense to have two people that know > > the product (two admins are needed, at minimum for sanity checks) which > > would make your point below moot. > > > > AND! by your own arguement, are knowledgeable checkpoint engineers THAT > > easy to come by? Heck, I'm dealing with an SE from Checkpoint right now > > that doesn't know.... much... atleast about CheckPoint Firewall-1 > > > > > > > > : And before anyone mentions this, I ackowledge that the TCO for a free > > > : firewall is higher, but then again, should you have a firewall admin > who > > > : is capable enough to do this? > > > > > > Can you absolutely count on that one person to remain in your company's > > > employ forever? Arguing that you should have someone proficient in > > > netfilter||ipf has a hole in it about the size of your average > 18-wheeler. > > > Suppose the person leaves, who can you call for help in your hour of > need > > > until you get your next guru? Maybe you've got someone, maybe you > don't. > > > You need to evaluate how much risk you're willing to take. > > > > > > > > > > > > -- --Paul ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
