Re: [fw-wiz] Opinions wanted...

Hey Kurt!

--- Kurt Buff <kurt.buff@xxxxxxxxx> wrote:
All,

I've been working with Watchguards at my current employer
for quite a while, but we're looking to replace them.

We've received a recommendation from one firm for
Sidewinders (a 410 and a couple of 110s for the branch
offices).

We've received a recommendation against the Sidewinders
from another firm saying that they are too complex to
manage easily, and require extensive training to understand
- they recommend Checkpoint instead.

The real answer is "whatever work for you is best", but
I'll toss my opinions on the plate for what they are worth.
Keep in mind that I don't actually manage any of these
things, so others on the list will have more tactical
thoughts than I do.

o Sidewinder has arguably the "best security" if you can
figure it out. It's a true security geek's firewall,
application proxies and roots deep in US gov't use. Still
popular afaik among military types and hard-core technical
users.

o Checkpoint can also be as complicated as you like, but
by nature a simpler firewall with a much larger user base
and more intended for the Great Unwashed. While I spent a
decade being their #1 competitor, I have always said that
anyone would be fine choosing them if they wanted to.

o If you want something reliable and hard to screw up I'd
recommend PIX (call it ASA if you like), functionally much
like WG and with all the advantages of being supported by
The Borg. Your employers are much more likely to find a
replacement for you who knows Cisco inside out than someone
who knows Sidewinder, and marginally more so than CP
(whether you find that to be good or bad is your call...).

I'm rife with biases here, so take it for what it is worth.

-cheers!

-chris


Neither seems to be completely out of our price range, so
it would seem to come down to concerns regarding initial
implementation and ongoing management.

Are the Sidewinders that much more complex than
Checkpoints?

Is one "better" (for whatever that might mean to you)
than the other - that is, if you have experience with both,
which would you prefer, and why?

I, of course, am excited to be learning a new platform,
and want to move away from some of the quirkiness of the
ancient Fireboxes we have, but want to make a reasonable
recommendation to management.

Thanks,

Kurt

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Relevant Pages

  • RE: small office firewall
    ... Subject: small office firewall ... i recommend the Firewall FW-1/VPN-1 for checkpoint small office, ... Asunto: RE: small office firewall ... I highly recommend the Watchguard SOHO.It's very ...
    (Security-Basics)
  • RE: suggestions on a good firewall
    ... Cisco does not do ... BTW I never said I disliked Checkpoint, ... suggestions on a good firewall ... standards (Open Platform for Security) Is brought to you by Checkpoint ...
    (Security-Basics)
  • Re:RE : suggestions on a good firewall
    ... Subject: RE: suggestions on a good firewall ... CheckPoint does! ... with a url-filtering server. ... IT Technical Security Officer ...
    (Security-Basics)
  • Re: Firewall choice for web hosting
    ... I think your definition of flaws may be flawed. ... Most of the published Checkpoint "flaws" require a significant degree ... The other major "announcements" of flaws (RDP hack and GUI overflow ... Nokia IP-series firewall can be closed down to just Port 22 listening ...
    (comp.security.firewalls)
  • Re:RE : suggestions on a good firewall
    ... I stand corrected, CheckPoint has native support for this, as does the ... Mail (SMTP) Support ... poses a challenge to the security manager who wishes to maintain ... Subject: RE: suggestions on a good firewall ...
    (Security-Basics)