Re: [fw-wiz] Opinions wanted...

Because firewall *IS* complex thing to operate. If you stick to
"reasonable heuristics and defaults" as Checkpoint offers,
your firewall is just not operated at all as its configuration
does represent Checkpoint's view on network security policy, not
yours. That's why i always say "if Checkpoint is ok for you,
better get training or outsource your firewall administration
completely". There are too many configuration issues that are
far from being transparent and if you care exactly WHAT does
your firewall do Checkpoint is extremely hard to operate.

On Wed, Nov 21, 2007 at 08:40:51AM -0800, Kurt Buff wrote:
All,

I've been working with Watchguards at my current employer for quite a
while, but we're looking to replace them.

We've received a recommendation from one firm for Sidewinders (a 410
and a couple of 110s for the branch offices).

We've received a recommendation against the Sidewinders from another
firm saying that they are too complex to manage easily, and require
extensive training to understand - they recommend Checkpoint instead.

Neither seems to be completely out of our price range, so it would
seem to come down to concerns regarding initial implementation and
ongoing management.

Are the Sidewinders that much more complex than Checkpoints?

Is one "better" (for whatever that might mean to you) than the other -
that is, if you have experience with both, which would you prefer, and
why?

I, of course, am excited to be learning a new platform, and want to
move away from some of the quirkiness of the ancient Fireboxes we
have, but want to make a reasonable recommendation to management.


Thanks,

Kurt
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

email protected and scanned by AdvascanTM - keeping email useful - www.advascan.com



_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Relevant Pages

  • RE: suggestions on a good firewall
    ... Cisco does not do ... BTW I never said I disliked Checkpoint, ... suggestions on a good firewall ... standards (Open Platform for Security) Is brought to you by Checkpoint ...
    (Security-Basics)
  • Re:RE : suggestions on a good firewall
    ... Subject: RE: suggestions on a good firewall ... CheckPoint does! ... with a url-filtering server. ... IT Technical Security Officer ...
    (Security-Basics)
  • Re: Firewall choice for web hosting
    ... I think your definition of flaws may be flawed. ... Most of the published Checkpoint "flaws" require a significant degree ... The other major "announcements" of flaws (RDP hack and GUI overflow ... Nokia IP-series firewall can be closed down to just Port 22 listening ...
    (comp.security.firewalls)
  • Re:RE : suggestions on a good firewall
    ... I stand corrected, CheckPoint has native support for this, as does the ... Mail (SMTP) Support ... poses a challenge to the security manager who wishes to maintain ... Subject: RE: suggestions on a good firewall ...
    (Security-Basics)
  • Re: Basic External Firewall Testing?
    ... putting the checkpoint firewall on the inside. ... vulnerability websites for known vulnerabilities. ... the advantage to putting firewall-1 inside the ISA server would ...
    (comp.security.firewalls)