SunScreen Lite vs. IPF.

From: Tan Wee Yeh (tanwy@comp.nus.edu.sg)
Date: 08/11/01 

Date: Sat, 11 Aug 2001 09:45:28 +0800
From: Tan Wee Yeh <tanwy@comp.nus.edu.sg>
To: Focus-Sun <focus-sun@securityfocus.com>
Subject: SunScreen Lite vs. IPF.
Message-ID: <20010811094528.A25135@comp.nus.edu.sg>

Hi,

*Beginner alert*. Please pardon me if the answers are already
online.

I'm in the midst of evaluating both SunScreen Lite and IP Filter
as a host-based firewall for some of our Solaris8 machines with
an private network. We do not need a perimeter defence (this is
already done by the nice network folks). One of the more
important feature we want is to be able to run services within
the private network (on the boundary node) that is not accessible
from the public network.

I would like to know the following:
 - SunScreen lite's README says that is "Cannot be a member of a
   HA cluster". Does this refer to the configuration of HA
   firewall or the more general HA setup like provided with Sun
   Cluster 3.0?? We are going to run the machines with Cluster3
   so this is of fundamental importance.

 - What are the performance impact of either??

 - During the evaluation, what are the issues I should pay
   attention to? Currently, I have:
   - Features (just to make sure it can do what I want). I may
     alter the administration structure a little.
   - System requirements (The solution is for a group of machines
     so it will be best if the final choice can run nicely on all
     of them).
   - performance impact on the machines

Please correct me if you feel I have misunderstood any issues.

:)).
Thanks.

        Just me,
        Wire ... 

--
Tan Wee Yeh     wytan@pobox.com     http://www.pobox.com/~wytan
For PGP public key : http://www.pobox.com/~wytan/pgp
PGP fingerprint = CB 11 61 BE 4E EF FB 84  71 15 CF 22 46 FD 4C B3

Quantcast