Re: Nokia, Checkpoint, Stone, Linux, Pix

From: gaius.petronius (rut@linuxmail.org)
Date: 01/23/02 

From: rut@linuxmail.org (gaius.petronius)
Date: 22 Jan 2002 20:35:49 -0800

Nicholas Bachmann <nabachmann@yahoo.com> wrote in message news:<3C48AD75.8060500@yahoo.com>...
> gaius.petronius wrote:
>
> > we went to a briefing of the Nokia 650 firewall.
> > Apparently the Nokia 650 is a pci motherboard with a Nokia operating
> > system (IPSO 3.3) providing hooks for firewall software developers.
> >
> > so it can run Checkpoint or Stone.
> >
> > the pointy-haired sales types were telling customers that it was a
> > "hardware firewall" (as opposed to a software firewall). (i suppose
> > "hardware" meaning that the operations were chip-embedded, no hdisk,
> > no OS. Much like the asic chips that provide true layer 4 switching
> > on some routers)
>
>
> If it doesn't have the software itself on the machine, I wouldn't call
> it a hardware firewall.
>
>
> >
> > in any case, the fact is that Nokia 650 with Checkpoint or Stonesoft
> > running on it is outperformed by a Linux 6.1 (with same exact cpu
> > clock speed and same amount of memory) using ipchains in the kernel.
>
>
> Did they have the *exact* same configuration? Many commercial firewalls
> come with rules that may be slowing the process down.
>
>
> >
> > and would you believe they had some paperwork there which showed these
> > statistics. (Sun Sparc running Checkpoint scored very low but as
>
>
> Kind of surprising; I've always heard Solairs/Sparc was good for that
> kind of thing. IIRC, Enterasys recommends it as the best platform for
> their IDS.
>
>
> > expected the IBM AIX 4.3 on a 44-P scored the nearest [231] to Linux
> > [246])
> >
> > There were no stats for Cisco Pix
> >
> > 1: does anyone know how Cisco Pix compares with Stone firewall
> > software running on a Nokia 650?
>
>
> From my experience, the Pix is one of the coolest pieces of technology
> I have seen. I'm guessing the performance is really good, but as
> someone pointed out, if performance is your only concern, you might as
> well just not have a firewall.
>
>
> >
> > 2: am i correct in saying that the Nokia 650 essentially is a PC and
> > that a Linux machine running ipchains can do the same job better?
> >
> > 3: does there a exist a *better* technology, a different hardware
> > platform, that outshines all of these firewalling methods?
>
> As I said, the Pix is very good, and if you have the money, spring for it.

Nick
Thanks for your input as always
What are some reasons why you would prefer Cisco's Pix over the Nokia
(or over a Checkpoint or Enterasys IDS?)

Relevant Pages

  • Re: Nokia vs PIX comparison
    ... > either a Cisco PIX or Nokia Firewall appliance. ... The PIX on the other hand is a completely different system, ...
    (comp.security.firewalls)
  • Re: Checkpoint experiences
    ... decide they want the firewall used by the big boys...often repeated, ... The Nokia appliance IPSO, is useful if you don't want to take the ... It is no wonder that the Nokia interface is called ... > billions on training, and classes, consultants, support contracts, etc. ...
    (comp.security.firewalls)
  • Re: Nokia, Checkpoint, Stone, Linux, Pix
    ... >>>we went to a briefing of the Nokia 650 firewall. ... >>>system providing hooks for firewall software developers. ... >>>There were no stats for Cisco Pix ... > (or over a Checkpoint or Enterasys IDS?) ...
    (comp.security.unix)
  • Re: Nokia, Checkpoint, Stone, Linux, Pix
    ... > we went to a briefing of the Nokia 650 firewall. ... > system providing hooks for firewall software developers. ... The advantage of checkpoint being the maintainability. ... Look at OpenBSD with either ipf or pf. ...
    (comp.security.unix)
  • TELNET session disconnects after Firewall Authentication is Sucessful
    ... We have Data General/MV20000Telnet Server ... that is connected to our users through a NOKIA IP120 ... FIrewall, ... This is a redundant system...i.e 2 DG computers running ...
    (microsoft.public.win2000.security)