[fw-wiz] Re: insecurity in internet connection thro cable modems
From: stefmit (stefmit@comcast.net)
Date: 02/17/03
From: stefmit <stefmit@comcast.net> To: firewall-wizards@honor.icsalabs.com Date: Sun, 16 Feb 2003 18:32:59 -0600
I can second that (Netscreen ease of use & performance) - being a
multinational company we started site-to-site VPNs a couple of years ago,
with - initially - Checkpoint products. Along came the Netscreen, and started
deployment of 100s and 25s in the medium and big sites, with multi-site-VPNs,
and 5XPs in sales offices throughout the country, as well as in all
continents. Flawless performance + fantastic cost + configuration within
10-15 minutes.
Coming back to the initial subject: my cable-modem-based house network is right
now set up as a site-to-site VPN with my company's, but - being paranoid - I
did not have it set up with a LAN from the same RFC1918's we used at
headquarters. I have set that one up as a sort of DMZ, between the Netscreen
at my house and a "cheapo" Linksys BEHIND the Netscreen. This way nobody at
Corp is allowed to get to my LAN, as I consider that network as dangerous as
any others, and without me having to spend too much time on refining the
rules on the Netscreen to achieve that isolation ... works perfectly. Once in a
while I take out the Linksys, and plug in a dual-homed Linux IPTables, for
testing purposes ... and that arrangement works great, also.
Kudos to Netscreen, in the end ...
My $0.02,
Stef
P.S. Disclaimer: no vested interest in either of the brands mentioned above.
On Sunday 16 February 2003 11:39 am, Dave Mitchell wrote:
> Wes,
> GlobalPro makes it easier to maintain a fleet of Netscreens. I'm confused
> as to why you feel their VPN support is lacking? I've been able to
> interoperate Netscreen IPSec with Cisco PIX, Cisco IOS, Checkpoint, Cisco
> VPN3k, FreeSWAN; just to name some. Support for preshared keys, x509 certs,
> ldap auth, and securid auth make me feel that Netscreen's IPSec has quite a
> few features, not to mention higher throughput due to their ASIC's.
>
> -dave
<snip>
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards