Re: Firewall choice for web hosting

From: karl [x y] (jamescagney90210@excite.com)
Date: 07/24/02


From: "karl [x y]" <jamescagney90210@excite.com>
Date: Wed, 24 Jul 2002 12:58:41 -0400


"Dean Smith" <deasmi@yahoo.com> wrote in message
news:670cfd22.0207240302.737c6d2d@posting.google.com...
> I am looking into a new firewall choice for an organisation I have just
> joined which hosts a very large volume web site.
>
> Normally I would use Cisco PIX products, a choice based somewhat on my
> familiarity with Cisco kit and their good security record, but this
> has been in situations where I also needed to send outbound corporate
> traffic out through the same network. The PIX has a few niggles, such
> as the alias command and PDM, that make the hosting part slightly more
> difficult than needs be.
>
> For a hosting only solution I am wondering if there is a better
> solution, Firewall-1 being my current second choice.
>
> I would be interested in people's thoughts on this, especially in terms
> of stability, security and ease of management for web hosting. One
> concern I have with FW-1 is that it runs on top of another OS and
> flaws in the OS may expose the firewall to attack. Does the Nokia FW-1
> product suffer from this shortcoming?

If you're concerned about number of flaws, I think FW-1 has so far tended to
have more flaws and patches than other firewalls, before you even consider
the OS. Again, if you're just concerned about number of bugs and patches,
running FW-1 on an appliance like Nokia is probably better than running it
on Windows or *nix.

You could also evaluate Netscreen or a low-end PC running free OpenBSD. One
advantage to OpenBSD is that there are a lot of options you can afford to
add to it, like additional network interfaces to create a DMZ, reporting, a
second identical unit for a contingency plan, local on-site 24x7 support
from a third party, etc.


