Re: [fw-wiz] Opinions wanted...
- From: dlang@xxxxxxxxxxxxx
- Date: Fri, 23 Nov 2007 14:19:01 -0800 (PST)
On Fri, 23 Nov 2007, Timothy Shea wrote:
IMHO - if you haven't used either platform before and only 3 firewalls
- either solution will require an equal amount of training to
understand and my guess is that the VAR who is recommending against
checkpoint will make more money if you buy checkpoint versus sidewinder.
either that or the VAR doesn't understand sidewinder, or only has a few people
who do.
That being said - for your type of application I would lean toward
CheckPoint Secure Platform (SPLAT) versus Sidewinder or Checkpoint
running on Nokia and my reasoning is that I can normally use what ever
hardware platform my server teams support versus buying an all in one
appliance solution (checkpoint nokia, sidewinder).
I definantly prefer the more open solution to an appliance, but if you would
actually use the proxies that Sidewinder makes available, the difference in
security is probably worth the decrease in flexibility.
the checkpoint has some application layer checks, but you have to go out of your
way to enable them, and enabling them has a significant impact on the
performance of the box.
the Sidewinder has packet filtering in addition to the proxies, but you have to
go out of your way a little bit to use it (and their training heavily emphisises
the use of proxies, with packet filtering being a last resort)
I just got back from the Sidewinder training and I was happier with it then I've
been with any other vendor training I've been to in quite a while. the training
moves pretty fast, but besides covering the 'here's how to navigate the GUI'
basics that all vendors cover, they go a lot more in depth about what's
happening, and how to troubleshoot when things don't work. for me this wasn't
new but it was a good solid, but fast introduction to things (if the class moves
fast enough they have a 2 hour lab on tcpdump in the lesson plans for example)
David Lang
t.s_______________________________________________
On Nov 21, 2007, at 10:40 AM, Kurt Buff wrote:
All,
I've been working with Watchguards at my current employer for quite a
while, but we're looking to replace them.
We've received a recommendation from one firm for Sidewinders (a 410
and a couple of 110s for the branch offices).
We've received a recommendation against the Sidewinders from another
firm saying that they are too complex to manage easily, and require
extensive training to understand - they recommend Checkpoint instead.
Neither seems to be completely out of our price range, so it would
seem to come down to concerns regarding initial implementation and
ongoing management.
Are the Sidewinders that much more complex than Checkpoints?
Is one "better" (for whatever that might mean to you) than the other -
that is, if you have experience with both, which would you prefer, and
why?
I, of course, am excited to be learning a new platform, and want to
move away from some of the quirkiness of the ancient Fireboxes we
have, but want to make a reasonable recommendation to management.
Thanks,
Kurt
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
- References:
- [fw-wiz] Opinions wanted...
- From: Kurt Buff
- Re: [fw-wiz] Opinions wanted...
- From: Timothy Shea
- [fw-wiz] Opinions wanted...
- Prev by Date: Re: [fw-wiz] Firewalls that generate new packets..
- Next by Date: Re: [fw-wiz] Firewalls that generate new packets..
- Previous by thread: Re: [fw-wiz] Opinions wanted...
- Next by thread: Re: [fw-wiz] Opinions wanted...
- Index(es):
Relevant Pages
|
