Re:[fw-wiz] IBM secureway firewall
From: Peter Bruderer (firstname.lastname@example.org)
- Next message: Adam Shostack: "Re: [fw-wiz] MD5 x SHA-1"
- Previous message: Bill Royds: "RE: [fw-wiz] MD5 x SHA-1"
- In reply to: gattaca: "Re:[fw-wiz] IBM secureway firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Peter Bruderer <email@example.com> To: <firstname.lastname@example.org>, <email@example.com> Date: Sat Dec 7 07:21:15 2002
If I hear IBM secureway firewall, I think Jurassic Park.
The IBM Secure Network Gateway was quite a reasonable product back in 1992. It
was basically a packetfilter with a few proxy features. That product was
actually the trigger for me to use qmail. It did not have a properly working
SMTP gateway. Up to version 2.2 you could manage the filters using vi.
Starting with version 3, there was a Java based GUI which was just user
unfriendly, slow, ... and you had to install X-Windows on the firewall
machine. It was no longer possible just to edit the rulebase and to restart
the firewall software. What else? NAT? After a couple of fixes it was somehow
working. To establish a reasonable rulebase, you had to spend working about 3
days with the GUI. The default rulebase was unusable. That was in 1997.
BTW the mail gateway was still unusable, the http proxy did not work properly
and the SOCKS configuration was "advanced".
1998 was a great relief. I stopped working for IBM. So I could stop telling
everyone, how good this product really is.
Last year, I had to review an IBM secureway firewall. And what a surprise! It
is still very complicated to configure and the look and feel is still the
same as back in 1997.
-- Peter Bruderer mailto:firstname.lastname@example.org Bruderer Research GmbH Tel ++41 52 620 26 53 IT Security Services Fax ++41 52 620 26 54 CH-8200 Schaffhausen http://www.bruderer-research.com