Re: Symantic Firewall 100 - Pro/Con Comments Please
From: Markus Kraus (mkr_at_gmxpro.de)
Date: 03/03/04
- Next message: Markus Kraus: "Re: BlackIce version ccf"
- Previous message: Biswajit Tripathy: "Re: The uselessness of online scan tools"
- In reply to: Lars M. Hansen: "Re: Symantic Firewall 100 - Pro/Con Comments Please"
- Next in thread: jealous xmp: "Re: Symantic Firewall 100 - Pro/Con Comments Please"
- Reply: jealous xmp: "Re: Symantic Firewall 100 - Pro/Con Comments Please"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 03 Mar 2004 11:40:23 -0800
On Wed, 03 Mar 2004 16:22:48 GMT, Lars M. Hansen wrote:
>Cons:
> - if outbound access is restricted, then there's very limited which
>services can allowed out. About 12-14 services are predefined (http,
>pop3, smtp, dns, ftp, ...), and you can add an addition 5 custom TCP and
>5 custom UDP ports (or ranges).
- and, you can only allow a certain port in general (meaning, for all
addresses). For some services (like smtp, pop3, or vpn), I prefer to
limit the port usage to a fixed list of service providers. (For
example, I hope to prevent potential viruses that make it into my home
LAN to send out mass emails through anonymous remailers). Therefore, I
replaced my Symantec 100 at home with a SonicWall SOHO3.
I also didn't like the logging capabilities of the Symantec 100. It
appeared that when the PC that collects the syslog data was turned
off, the Symantec all of a sudden stops sending the syslog messages.
So even when the PC comes back to life, and the Symantec still has its
IP address listed in the "syslog" field, the Symantec still doesn't
send the syslog messages. I had to go to the Symantec config web site,
and press "save" at the syslog settings in order to revoke it.
That said, I also disliked that the web interface is only HTTP, not
HTTPS.
So, even for my personal home network, I found the Symantec 100
insufficient.
>Lars M. Hansen
>www.hansenonline.net
BTW, I like your web site! The other day, I was curious so I clicked
on that link in one of the messages you posted, only to find out that
I had your site already listed in my "list of cool sites" (not knowing
that YOU're the man behind it).
Best regards,
Markus
- Next message: Markus Kraus: "Re: BlackIce version ccf"
- Previous message: Biswajit Tripathy: "Re: The uselessness of online scan tools"
- In reply to: Lars M. Hansen: "Re: Symantic Firewall 100 - Pro/Con Comments Please"
- Next in thread: jealous xmp: "Re: Symantic Firewall 100 - Pro/Con Comments Please"
- Reply: jealous xmp: "Re: Symantic Firewall 100 - Pro/Con Comments Please"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
