RE: SunScreen Lite vs. IPF.
From: Stuart Flisher (stuart.flisher@dalofte.co.ae)Date: 08/14/01
- Previous message: Darren Moffat: "Re: NFS Security Question"
- In reply to: Tan Wee Yeh: "SunScreen Lite vs. IPF."
- Next in thread: John Rowan Littell: "Re: SunScreen Lite vs. IPF."
- Reply: John Rowan Littell: "Re: SunScreen Lite vs. IPF."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Stuart Flisher" <stuart.flisher@dalofte.co.ae> To: "'Tan Wee Yeh'" <tanwy@comp.nus.edu.sg>, "'Focus-Sun'" <focus-sun@securityfocus.com> Subject: RE: SunScreen Lite vs. IPF. Date: Tue, 14 Aug 2001 11:50:54 +0100 Message-ID: <000401c124ae$fe3bb5c0$02d3020a@SONYVAIO>
I have installed SunScreen Lite without really any issues.
SunScreen Full can be deployed in a SunScreen HA pair for redundancy.
SunScreen lite cannot. This is what the Readme refers to.
Don't install on Sun Cluster machines, word is that it is incompatible until
next version of SS Lite (but don't quote me). Something to do with the
interfaces. Can't give you more info I am afraid.
Didn't notice any performance impact with SS Lite. You should consider how
you wish to administer all the machines i.e. command line or GUI. I prefer
command line myself.
One point IPF is a packet filter (right?) whereas SunScreen is stateful
inspection.
Good luck.
Regards
Stuart
-----Original Message-----
From: Tan Wee Yeh [mailto:tanmawy@comp.nus.edu.sg]
Sent: 11 August 2001 02:45
To: Focus-Sun
Subject: SunScreen Lite vs. IPF.
Hi,
*Beginner alert*. Please pardon me if the answers are already
online.
I'm in the midst of evaluating both SunScreen Lite and IP Filter
as a host-based firewall for some of our Solaris8 machines with
an private network. We do not need a perimeter defence (this is
already done by the nice network folks). One of the more
important feature we want is to be able to run services within
the private network (on the boundary node) that is not accessible
from the public network.
I would like to know the following:
- SunScreen lite's README says that is "Cannot be a member of a
HA cluster". Does this refer to the configuration of HA
firewall or the more general HA setup like provided with Sun
Cluster 3.0?? We are going to run the machines with Cluster3
so this is of fundamental importance.
- What are the performance impact of either??
- During the evaluation, what are the issues I should pay
attention to? Currently, I have:
- Features (just to make sure it can do what I want). I may
alter the administration structure a little.
- System requirements (The solution is for a group of machines
so it will be best if the final choice can run nicely on all
of them).
- performance impact on the machines
Please correct me if you feel I have misunderstood any issues.
:)).
Thanks.
Just me,
Wire ...
-- Tan Wee Yeh wytan@pobox.com http://www.pobox.com/~wytan For PGP public key : http://www.pobox.com/~wytan/pgp PGP fingerprint = CB 11 61 BE 4E EF FB 84 71 15 CF 22 46 FD 4C B3
- Previous message: Darren Moffat: "Re: NFS Security Question"
- In reply to: Tan Wee Yeh: "SunScreen Lite vs. IPF."
- Next in thread: John Rowan Littell: "Re: SunScreen Lite vs. IPF."
- Reply: John Rowan Littell: "Re: SunScreen Lite vs. IPF."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
