RE: Firewall Hardware Recommendations

From: Naren - Pactech (naren_at_pactech.net)
Date: 12/30/03

  • Next message: JM: "RE: compromised network"
    To: "'Shawn Jackson'" <sjackson@horizonusa.com>, <jamesworld@intelligencia.com>, "'Keith Duemling'" <kduemling@cox.net>
    Date: Tue, 30 Dec 2003 11:32:55 +0800
    
    
    

    Dear all ....

    I am not trying to one-up, but Watchguard Fireboxes Series (FB 500 to FB
    4500) have something called "PROXIES" with a lot of functions and
    security. And it has unbeatable graphical monitoring and logging tools,
    all bundled in FOC (now .. what use is a firewall if you are not sure who
    is doing what, in realtime !!!)

    Note - the entry level soho are built on Stateful inspection and the
    higher end V-Class are built on an ASIC architecture .. I would not want to go
    into the specifics ...

    BTW, take a look at the common-criteria certifications, and see what
    technology of firewalls are getting higher scores (I hope you are well
    versed with Common Criteria)

    If you can convince me that SPI or ASA is better than Application level
    proxies, I will say that you are right !!!

    Naren

    PS: we are only a reseller, and not distributor for WG, as we also resell
    other security products ..

    T. Naren
    Technical Manager - Pactech Pte Ltd., Singapore
    Infocomm Security Solutions Distribution and Services
    pager: +65-95778725
    office: +65-62711123 fax: +65-62703919
    e: naren@pactech.net w: http://www.pactech.net
    address:
    Blk 211, Henderson Road, #07-02, Singapore 159552

    -----Original Message-----
    From: Shawn Jackson [mailto:sjackson@horizonusa.com]
    Sent: Tuesday, December 30, 2003 2:03 AM
    To: jamesworld@intelligencia.com; Keith Duemling
    Cc: security-basics@securityfocus.com
    Subject: RE: Firewall Hardware Recommendations

            WatchGuard more secure than PIX? Probably a sales person from
    another vendor, gotta love them. I've protected banks with the PIX 515 and
    525 series and they're rock solid. Update your Secure-IOS and maintain your
    ACLs and you're golden. Unlike SonicWall (maybe even WatchGuard now too)
    you don't have to pay for the VPN component. A SonicWall PRO 230 + VPN
    Licenses + Client Licenses = More than a PIX 515. I've heard, but never
    seen, that WatchGuard is in the same licensing frenzy. Can't speak
    for NetScreen, I've personally tried to stay away from them, they give me
    the willies, but it's been a while since I looked at them last.

            Same Q's as J. What Model? What S-IOS version? How Old, etc.
    I admit, with head held in shame, that configuring the PIX can be a pain in
    the arse, especially when you're working with the IPSEC end of a VPN
    configuration and I've never set up PPTP on a PIX, but have done so on many
    Cisco routers with little problems.

            Honestly, whoever sold you that load a bull needs help, no
    disrespect intended but in security facts rule the digital road and
    misinformation is the hazard just around the next corner.

    I hope EVERYONE had a safe and uneventful Christmas + Boxing Day. Set
    aside some time today to review your logs (that built up) in full before
    saving them and clearing from the active log files.

    Shawn Jackson
    Systems Administrator
    Horizon USA
    1190 Trademark Dr #107
    Reno NV 89521
    www.horizonusa.com
     
    Email: sjackson@horizonusa.com
    Phone: (775) 858-2338
           (800) 325-1199 x338

    -----Original Message-----
    From: jamesworld@intelligencia.com [mailto:jamesworld@intelligencia.com]
    Sent: Sunday, December 28, 2003 10:34 PM
    To: Keith Duemling
    Cc: security-basics@securityfocus.com
    Subject: Re: Firewall Hardware Recommendations

    Keith,

    Curious, what Cisco firewall do you currently have and what version OS is
    on it?

    Who told you that a WatchGuard firewall is more secure than a Cisco
    firewall?

    The PIX does what you are asking for. If you have information to the
    counter, please post.

    Cheers!
    -J

    At 19:32 12/23/2003, Keith Duemling wrote:
    >Just wanted to get some feedback from the list regarding some research I'm
    >currently working on. We're replacing our existing Cisco firewall with a
    >dedicated firewall hardware/software solution to provide greater security
    >and VPN access.
    >
    >I've been looking at the Netscreen and various Watchguard products at this
    >time. The current environment is as follows:
    >
    >- NAT environment
    >- DMZ to host web accessible servers
    >- 100 internal users
    >- Extensive intranet site & visitation to several high profile B2B sites.
    >- Constant 10 user VPN community.
    >- Redundant T1 connection managed by RADware Linkproof hardware solution.
    >
    >Any recommendations would be greatly appreciated. Thanks in advance.
    >
    >Keith Duemling
    >MCP
    >
    >
    >


