RE: [fw-wiz] RE: PIX vs Checkpoint vs Sonicwall vs Netscreen

From: "manatworkyes moderator" <>
Date: Sun Aug  4 17:13:01 2002

Roger Marquis said:

>>WRT to comparisons, we've read a lot of generalities but not many
>>specifics. Is there a chart somewhere which lists the relevant
>>(read: non-marketing) features? In particular:

In my opinion, adding the "V" sign next to a list of so-called non-marketing
features will provide a false description. For example, let's examine some of
the points that you've mentioned:

SSH - Is it version 1 or version 2? Is it possible to define a list of allowed
sources that can ssh to the system?
CLI - Are all the options manageable through the CLI? What about log filtering
or reading?
HTTP - What type of httpd is the system using? Is it using an unpatched version
of Apache?
SYSLOG - How are logs transferred to the syslogd? What happens when the
syslogd is down? What types of DoS attacks is the syslog protected from?
TFTP - Is it truly secure? (Ask CERT about it :-)

Configuration - Where are RPC services? Where are high-level protocols like
SMTP / HTTP etc.?

I hope that I made myself clear.


  [] serial console?
  [] telnet/cli interface?
  [] ssh/cli interface?
  [] http/gui interface?
  [] java/gui interface?
  [] syslog support?
  [] configurable log verbosity?
  [] snmp/v2/v3?
  [] tftp backup & upgrade?
  [] text-based configuration file?
  [] multi-firewall management tools?

  [] ip, tcp, udp, and icmp protocol type filtering?
  [] port-range filtering?
  [] application layer inspection (activex, javascript, flash, im, ...)?
  [] separate ACLs for incoming and outgoing interfaces?
  [] separate ACLs for all interfaces?
  [] stateful filters?
  [] NAT/PAT/... options?
  [] tcp sequence validation?
  [] IDS support?

  Large Site:
  [] high-bandwidth options?
  [] failover?
  [] load-balancing?
  [] IPSec VPN support?
  [] interoperable IPSec VPN support?

  [] searchable online documentation?
  [] newsgroup?
  [] 24*7*365 support?
  [] 2h phone & email support?
  [] free and/or inexpensive OS upgrades?

  Vendor Reliability:
  [] reasonable pricing?
  [] straightforward licensing?
  [] history of profitability?
  [] accounting irregularities?
  [] VC funded?
  [] long-term product support (unlike NA's pgp)?
  [] history of vulnerabilities?
  [] timely bug fixes?
