RE: [fw-wiz] RE: PIX vs Checkpoint vs Sonicwall vs Netscreenh

From: manatworkyes moderator (devekboy@hotmail.com)
Date: 08/04/02


From: "manatworkyes moderator" <devekboy@hotmail.com>
To: firewall-wizards@honor.icsalabs.com
Date: Sun Aug  4 17:13:01 2002

Roger Marquis said:

>>WRT to comparisons, we've read a log of generalities but not many
>>specifics. Is there a chart somewhere which lists the relevant
>>(read: non-marketing) features? In particular:

In my opinion, adding the "V" sign next to a list of so-called non-marketing
features will provide a false description. For example, lets examine some of
the points that you've mentioned:

SSH - is it version 1 or version 2? is it possible to define list of allowed
sources that can ssh the system?
CLI - are all the options manageable through CLI ? What about log filtering
or reading ?
HTTP- what type of httpd the system is using ? Is it using unpatched version
of Apache ?
SYSLOG - How logs are transfered to the syslogd ? what happens when the
syslogd is down? what type of DOS attacks the syslog is protected from ?
TFTP - Is it truely secure (Ask CERT about it :-)

Configuration - where are RPC services ? Where are hig level protocols like
SMTP / HTTP etc ?

I hope that i made myself clear.

DB

  Manageability:
  [] serial console?
  [] telnet/cli interface?
  [] ssh/cli interface?
  [] http/gui interface?
  [] java/gui interface?
  [] syslog support?
  [] configurable log verbosity?
  [] snmp/v2/v3?
  [] tftp backup & upgrade?
  [] text-based configuration file?
  [] multi-firewall management tools?

  Configuration:
  [] ip, tcp, udp, and icmp protocol type filtering?
  [] port-range filtering?
  [] application layer inspection (activex, javascript, flash, im, ...)?
  [] separate ACLs for incoming and outgoing interfaces?
  [] separate ACLs for all interfaces?
  [] stateful filters?
  [] NAT/PAT/... options?
  [] tcp sequence validation?
  [] IDS support?

  Large Site:
  [] high-bandwidth options?
  [] failover?
  [] load-balancing?
  [] IPSec VPN support?
  [] interoperable IPSec VPN support?

  Support:
  [] searchable online documentation?
  [] newsgroup?
  [] 24*7*365 support?
  [] 2h phone & email support?
  [] free and/or inexpensive OS upgrades?

  Vendor Reliability:
  [] reasonable pricing?
  [] straightforward licensing?
  [] history of profitability?
  [] accounting irregularities?
  [] VC funded?
  [] long-term product support (unlike NA's pgp)?
  [] history of vulnerabilities?
  [] timely bug fixes?

  ...

_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com



Relevant Pages

  • 2.6.18.3 Lockup on Athlon MP
    ... I am sure it's not just a hardware issue, though, ... as well as the kernel configuration I am using. ... # ACPI (Advanced Configuration and Power Interface) Support ...
    (Linux-Kernel)
  • RE: 2.6.5-rc2-mm2
    ... # ACPI (Advanced Configuration and Power Interface) Support ... # Device Drivers ...
    (Linux-Kernel)
  • Re: redirect an ip address to localhost
    ... added another ip address in the interface ... configuration dialog, and the apppropriate route popped up automatically ... in 'netstat -nr', ... thank you for your support ...
    (microsoft.public.win2000.networking)
  • PROBLEM: Dell Inspiron 1501 fails to boot in 2.6.21+
    ... My new laptop won't boot with kernel versions 2.6.21 or 2.6.22. ... I've also included my kernel configuration and ver_linux output. ... Enabling unmasked SIMD FPU exception support... ... usbcore: ...
    (Linux-Kernel)
  • [BUG] panic 2.6.20-rc3 in nf_conntrack
    ... When I shut down my ppp0 interface the kernel ... This kernel had the ipp2p patch from patch-o-matic-ng applied, ... # Firmware Drivers ... # ACPI Support ...
    (Linux-Kernel)