Re: [fw-wiz] Opinions wanted...

On Nov 23, 2007 6:54 AM, Chris Blask <chris@xxxxxxxxx> wrote:
> Hey Kurt!
>
> The real answer is "whatever works for you is best", but
> I'll toss my opinions on the plate for what they are worth.
> Keep in mind that I don't actually manage any of these
> things, so others on the list will have more tactical
> thoughts than I do.

That's always the correct answer - but since I have experience with
none of them, and can't peer into the future, I'm asking questions. :)

> o Sidewinder has arguably the "best security" if you can
> figure it out. It's a true security geek's firewall,
> application proxies and roots deep in US gov't use. Still
> popular afaik among military types and hard-core technical
>
> o Checkpoint can also be as complicated as you like, but
> by nature a simpler firewall with a much larger user base
> and more intended for the Great Unwashed. While I spent a
> decade being their #1 competitor, I have always said that
> anyone would be fine choosing them if they wanted to.
>
> o If you want something reliable and hard to screw up I'd
> recommend PIX (call it ASA if you like), functionally much
> like WG and with all the advantages of being supported by
> The Borg. Your employers are much more likely to find a
> replacement for you who knows Cisco inside out than someone
> who knows Sidewinder, and marginally more so than CP
> (whether you find that to be good or bad is your call...).
>
> I'm rife with biases here, so take it for what it is worth.

Thanks. While I have no opinion on PIX/ASA, due to lack of experience
with them, I wonder about the cost/benefit ratio, as I've found Cisco
equipment usually rather pricier than I wanted for the value received.
And, I'm sure the VARs recommending Checkpoint and Sidewinder have
their own axes to grind as well, but for now those are the two under
consideration, and muddying the waters with Cisco is just going to
slow down the process.

Thanks for the insight.

firewall-wizards mailing list
