really. Actually If I could get some money from these tight fisted *&@# that run the corp then I would try something else. Like maybe sunscreen, but where I am right now it's overcast. :)
Printable View
really. Actually If I could get some money from these tight fisted *&@# that run the corp then I would try something else. Like maybe sunscreen, but where I am right now it's overcast. :)
Hmm, would someone name a *good* reason why NOT to run CP or run SunScreen in favour? Your discussions seem pretty weird and anyone that has been into the FW industry and has learnt CP in a correct manner knows that no other product could compete, be it PIX, Raptor, Gauntlet or even StoneSoft's StoneGate..
name something serious and I'll find a way to access SunScreen, I bet it wont compete with CP as usual...
SOMETHING SERIOUS...
etsh911
How about this good reason: I don't like it. I don't think it's as good as Sunscreen.
As for the rest of your post, it doesn't make sense. Are you trying to say that if you don't run CP, you don't know what you are doing? Please.
WoW! u don't like it, Man, I wonder how that didn't become an industry standard...
What on earth do u mean by u don't like it, if SunScreen has something to offer then name it, and show everyone on this forum how great your SunScreen and you knowlege are.
I have previously demonstrated point that make CP excel other FWs on this forum and ANYONE on the fw1-wiz list knows that I know my ****..
etsh911
Sunscreen offers stealth mode. In other words it runs in bridged mode, no IP stack to speak of. Now, how useful do you think a firewall with non-IP interfaces is?
(*hint*very useful*hint*)
Keep in mind I'm a user and not a high and mighty developer, such as yourself, so forgive my ignorance. But, I believe this is major difference between the two. As far as I know CP doesn't offer that capability. Or does it?
etsh911 - I don't see how you have taken offense in this matter. I am upgrading from 41 to ng, which, of course, is still ckp. I don't know why my discussions are weird - I've been with ckp for +3 years and if there is some things that are annoying about it I'll say so. The product is still good, I just think pix might be better. Our company runs at least all of the popular fws and there is good and bad with each one.
I joined this site hoping to gain some insite in CPfw and Security. I'm new to this whole thing so I hope you'll excuse me for getting into this discussion. I am a backup FW admin on a CPfw4.1 sp-1 and have been having alot of trouble with AOL mail. YA I know but what doctors want doctors get. Anyway, users can log into AOL at the home page successfully but when they attempt to access their mail the "Detect Network Settings" on IE comes up. This happens on 4.0 sp2 through 6.0. I'm not seeing anything being blocked or otherwise not connected in the fwlog. AOL is of course of no help and CP well is CP. Anybody seen this, its only been affecting us for 4-6 weeks.
Not to ignore you imchaser but I'd like to think etsh911 will come back and show me what's what, you know? This is the second time I've brought up valid points and I have yet to see an intelligent response from him. So? You called me out, with the insults and such, and now where are you? Hmmmm..
KorpDeath:
Please forgive my ignorance a I am also a CP and PIX guy...Have never really done much with Sunscreen.
I am just wondering how a firewall works in stealth mode...you obviously can't keep state if there is no TCP/IP right? Also, what about NAT, how would that work...I am assuming you would have to do it on your router..
I have heard of IDS being able to run in stealth because it is only passively inspecting traffic but I never knew you could or would want to do this with your FW. I would also think that it would make centralized management almost impossible unless you have an interface with an ip stack bound to it on a management LAN (which is what I am assuming you do).
Most importantly, how would the firewall filter at layer 3 and 4 (like a normal FW does) without an IP stack bound to the interface? Bridging is done at layer 2...
Again I am just asking questions because I have never used it and do not know...but I would like to learn more.
Well. It does have a state table. It's all about the drivers.
If you are running the firewall in stealth mode you shouldn't use it to NAT. It will work but the performance will be slow.
As for management, it uses SKIP.