RE: Firewall Hardware Recommendations

From: Timothy Donahue (tdonahue_at_Haynes-Group.com)
Date: 12/31/03

  • Next message: Shawn Jackson: "RE: Traces"
    Date: Wed, 31 Dec 2003 17:15:17 -0500
    To: <security-basics@securityfocus.com>
    
    

    >
    > I am not trying to question your working experience with WG:
    > I work for a
    > company who support Watchguard, apart from other products
    > .... including
    > Sonicwall and Borderware ...
    >
    > Since I started supporting Watchguard, around 2000, and may have
    > criss-crossed about atleast 150 to 200 fireboxes / customers
    > or more, and
    > still supporting a majority of this number, and the scenarios
    > you mentioned
    > were (occasionally) showing up on the older softwares, where
    > they used a

    I have a Firebox III 700, and I can verify the crashes happen. Both
    times, it was version 6.2. I had one removing the VPN key, and another
    one when all I was doing was applying a routing update. (I will admit
    that I was changing all but one of the routes the Firebox knew, but
    still....) I also have had it just stop routing packets twice in the
    last couple months.

    I am getting ready to replace ours with a PIX or OpenBSD's PF in the
    next couple of months. We will probably go with the PIX, because of
    Cisco's support, but I am using PF for all our internal firewalls. If
    you are looking for something stable, and secure, I would recommend
    using one of those.

    I would recommend a Watchguard Firewall to a startup company, but from
    the description of the Original Poster's network, it sounds like you
    need something slightly more robust than what I have seen from the
    Watchguard line. In this case, I would recommend either the PIX or PF.
    (Side note: I have heard that Checkpoint firewalls are excellent as
    well, I just have never had the oportunity to use one.)

    My $.02.

    Tim Donahue

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: Shawn Jackson: "RE: Traces"