RE: [FW1] Re: Nokia vs NT (and solaris, just for kicks)



Well, to throw my .02 cents worth in.

I feel that there is an OS for everything. I would never put a UNIX type OS
in a shop that has no idea of what VI is.

I would never use NT in a place that has a lot of overhead. Dual DS-3, High
availability, Load Balancing and a lot of VPN's running to multiple places
then I need a Big Bad Server such as a Sun with RISC processors not the
Intel chipset that NT runs on.
But if I have a lot of people that know how to run NT then that is a good
solution for that company.

I do not know Lynx but it seems to be a good product from what I hear from
other people that are in security. But I do not know how to install it so
it is not a solution for me at all. I would have to hire someone and have
someone standing by to fix the OS if anything were to go wrong. $$$$$ That
is not a solution for some companies. Now if I were a shop that has a bunch
of UNIX people then it would be a great solution.


NOKIA is a good product. It is easy to use and is as stable as all of the
rest. Without the problems of locking down the OS before installing the
firewall.



Thomas Stala
[email protected]
Hope this helps

-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of Ralph
Forsythe
Sent: Monday, February 19, 2001 5:40 PM
To: Firewall-1 Mailinglist Digest
Subject: [FW1] Re: Nokia vs NT (and solaris, just for kicks)


> > Redundancy yes, load balancing no.  At least not yet....
> > Nokia's are just PCs with fancy, small, rackmountable boxes, running
> > FreeBSD.

Nokia's redundancy isn't a "true" HA solution in that the VRRP will only
fail over in the event of a full system failure on one firewall.  If the
firewall daemon stops no failover will happen since it's not checking at
that layer.  Better than nothing though.

> > They are reliable, and can be made into a fault tolerant pair, but then so
> > can NT and the other platforms, + you can load share using Stonebeat.
> > If I had to spec up firewalls again, I'd probably choose NT, as Nokia did
> > seem rather expensive for the task in hand, and benchmarks show that the
> > Nokia platform is actually slower than the equivalent PC running NT.
> > Then again, I'd probably change my mind, as the Nokia's are very easy to
> > setup - stick them in, pre-hardened, load up firewall + the licenses and
> > away you go.
> > Saves faffing around with NT, but if you already know how to harden NT, it
> > doesn't take too long to faff around with it !
> > Stick with what you know....  it will cost you less !


I really cannot agree that NT is the way to go for a firewall.  Having used
3 platforms (NT, IPSO, and Solaris) my experience is that NT lacks in many
areas, most notably reliability, OS security, and performance.  Our
firewalls on NT required constant maintenance, and frequently would restart
fwd on their own.  (This did not disrupt service at the time, but left
zombie processes running that would eventually eat up memory -- this
required a reboot.)  We also saw major performance gains moving to Solaris,
just by putting in paltry Ultra5's (that's about as low as Sun will go...)

NT also had *serious* issues with putkey, which already has problems of
its own.  Without changing management consoles, moving to Solaris fixed
the putkey problems almost completely.  When the VPN's were on NT we also
had issues with massive amounts of key installs, since they would lose sync
frequently.  Again, Solaris = good.  And I won't even go into the issues of
NT security, since we all know about that.

Nokia's are the easiest by far to roll out into production, and the OS
comes pre-hardened for the most part.  I still recommend installing SSH and
disabling telnet on an IPSO box, but otherwise they're great and the
Voyager management is a well-made product.  However, Nokia's will not scale
as high in performance and speed as Suns will, in terms of hardware product
lines.  Solaris is far from hardened at install time, but with a little
UNIX knowledge and the help of docs/scripts on the net, this can be
accomplished quite easily.  And you can put CP-FW1 on some big Sun's to
help throughput if that's your concern.  (We're running about 50 E-220's
and some E-450's here...)

My take:
- If you can handle decent performance, and scaling to a large or
high-speed environment is not a concern, buy Nokia.  The management and
pre-secured nature of these make the cost over a standard PC worth it.
- If you have a nice budget and need to handle large policies, NAT, or VPN
(*especially* on the same box) Sun's are a good bet.  As you get higher up
in the models they get expensive, but Sun's are also known for hardware
reliability, and Solaris is pretty damn solid.  Requires some knowledge of
Solaris however, but it's nothing bad.  A Sol admin can handle it.
- If UNIX makes you run away in fright, or you really just can't afford the
cost of a Nokia vs a PC, use NT.  Can't say as I recommend it, but to each
his own...

Just my (somewhat educated) opinions, take them as you will.

- Ralph Forsythe
Security Engineer
Relera, Inc.



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================






   All contents © 2004 Network Presence, LLC. All rights reserved.