Re:[fw-wiz] IBM secureway firewall

From: Peter Bruderer (brudy@bruderer-research.com)
Date: 12/07/02 

From: Peter Bruderer <brudy@bruderer-research.com>
To: <dufresne@sysinfo.com>, <firewall-wizards@honor.icsalabs.com>
Date: Sat Dec  7 07:21:15 2002

If I hear IBM secureway firewall, I think Jurassic Park.

The IBM Secure Network Gateway was quite a reasonable product back in 1992. It
was basically a packetfilter with a few proxy features. That product was
actually the trigger for me to use qmail. It did not have a properly working
SMTP gateway. Up to version 2.2 you could manage the filters using vi.

Starting with version 3, there was a Java based GUI which was just user
unfriendly, slow, ... and you had to install X-Windows on the firewall
machine. It was no longer possible just to edit the rulebase and to restart
the firewall software. What else? NAT? After a couple of fixes it was somehow
working. To establish a reasonable rulebase, you had to spend working about 3
days with the GUI. The default rulebase was unusable. That was in 1997.

BTW the mail gateway was still unusable, the http proxy did not work properly
and the SOCKS configuration was "advanced".

1998 was a great relief. I stopped working for IBM. So I could stop telling
everyone, how good this product really is.

Last year, I had to review an IBM secureway firewall. And what a surprise! It
is still very complicated to configure and the look and feel is still the
same as back in 1997. 

-- 
  Peter Bruderer                 mailto:brudy@bruderer-research.com
  Bruderer Research GmbH                      Tel ++41 52 620 26 53
  IT Security Services                        Fax ++41 52 620 26 54
  CH-8200 Schaffhausen             http://www.bruderer-research.com