Re: ANY OPINIONS ON THE S-BOX?

From: karl [x y] (jamescagney90210@excite.com)
Date: 07/29/02 

From: "karl [x y]" <jamescagney90210@excite.com>
Date: Sun, 28 Jul 2002 21:52:39 -0400

"Charles Antrim" <csantrim@cox.net> wrote in message
news:MTX09.35294$Fq6.3402393@news2.west.cox.net...
> I am looking to hear from someone that has had success with the CheckPoint
> S-BOX?

Actually I think it's manufactured by Sofaware and runs Checkpoint FW-1.
The web interface looked pretty simplified, e.g. it looked like there was
only a slider bar to select low, medium or high security. In order to get
all the functionality of FW-1, I would want to purchase and install the FW-1
management server on a separate computer on your network. I don't know if
this is even possible with the S-box, but if it is, it would cost you extra
and it would probably take a third party support person to set it up
correctly, it is reportedly not easy to do.

If I remember correctly, the S-box was aimed at SOHO users without the means
or interest in managing their own firewall, and so you were encouraged to
subscribe to a third party ISP that would remotely manage your firewall.
This is probably a good idea for some people and environments, but is not
for other people who don't trust security to anyone but themselves. I'd
want to be sure that there was some sort of reporting and some way to check
the firewall configuration to be sure that it was being correctly and
securely configured.

If you want a low cost firewall appliance that you can manage yourself, you
might consider the FW-1 appliances from Intrusion.com or Nokia, a Netscreen
5XP or Nortel Contivity Extranet Switch, etc. which don't run FW-1. These
will cost a little more, around $500 to $1000.

[You could also consider running a free Linux or BSD firewall on an old 486
or 586 PC. Some of them such as IPCop and Smoothwall supposedly have easy
to use configuration screens aimed at novices. ClosedBSD has a simple menu
and runs off of a single boot floppy.]

Relevant Pages

  • R: Questions about fw-1
    ... > 1- FW-1 works with Statefull inspection technology, ... > SecureWay Firewall does, but does anybody know some CheckPoint ... It's good for enforcing bastions, natting, implementing security rules, ...
    (Security-Basics)
  • Re: Checkpoint Small Office.
    ... Checkpoint seems to claim that FW-1 Small Office has about the same ... > We are a small company who are moving offices and need to get a firewall. ... You should probably consider a firewall appliance instead. ...
    (comp.security.firewalls)
  • Re: SonicWall Pro 300 vs CheckPoint 4.0
    ... As far as comparing a Pro300 to FW-1 for the setup you've described, ... right infront of the firewall (and if you say pcAnywhere, ... blah blah blah. ...
    (comp.security.firewalls)
  • Re: Checkpoint Front End server - ISA Back End server - OWA Setup
    ... What version of FW-1? ... the traffic between ISA's internal interface and the Exchange server. ... Exchange server in plain HTTP format, ... I am not a firewall expert, but our firewall guy tells me this is a risk, ...
    (microsoft.public.isa)
  • Re: Firewall choice for web hosting
    ... > joined which hosts a very large volume web site. ... > flaws int he OS may expose the firewall to attack. ... Does the Nokia FW-1 ... If you're concerned about number of flaws, I think FW-1 has so far tended to ...
    (comp.security.firewalls)