Re: [fw-wiz] confusion and in-decision

From: Christine Kronberg (
Date: 01/21/03

From: Christine Kronberg <>
To: anil bindal <>
Date: Tue Jan 21 18:59:35 2003


> i have just joined this list to get more information on the firewalls.
> we are in process of assessing a firewall for our corporate office.
> Our requirements are as follows :
> FW, VPN, IDS, EIM , Virus and BW management.

  That's what you are intend buying, but what are your real
  requirements? How many users? How many traffic? How many
  sites? What does your security policy say? What's your level
  of security? Which protocols and applications must pass the

> I would like to know the opinion of the list on following
> 1)Whether i should go for a single product or for different products ?

  I don't believe that there is an all-in-one for everything, but
  probably someone on the list can tell better.

> 2) If for different products, then which products are the best in their
> category ?
> 3) In case list recomends going for different products, then can list
> members share their good/bad experiences on such products ??
> For a week now i am trying to search this info on the Inet but i am so
> confused now.
> i think that i should go for a HW based FW+VPN and i find Watch Guard is

  Personally I don't think that a firewall and a vpn gateway should
  be on the same node, but from what you write I guess you have
  a small LAN with few users?

> a good option but then it does not have proper IDS and BW management.

  How much do you expect from your IDS? How much effort can be spared
  to look into the messages from the IDS?

> also it does not take care of MIME attachments in outgoing emails ( i
> would like to restrict my users from sending specific attachments say my
> Quality procedures in .pdf files )

  You probably want to do that on your internal mail server.

> While my vendors say that SonicWAll is good, others say checkpoint is
> good.. so much confusion..

  Hope you don't mind asking so many questions, but from what you
  wrote its really hard to make a good advice.