March 14th, 2002 06:25 PM
So, not being a board regular makes me wrong from your point of view..
I'll just add a few lines to what invictus said...
First, any system without an IP stack won't be able to communicate with ANYTHING unless designed to create replies by itself <i.e. emulating an IP stack>, which isn't a correct approach from a system design point of view. Although it saves the system from most IP packet attacks, it's considered such a memory hungry solution that it isn't worth it..
And if you wanted it for CP, you should ask Nokia to provide it and not CP, CP runs on any OS that might include any system that runs a specific network-related app, which leads to my next point...
What about content security? How would your stealthmode technology get to send packets to <for example> my UFP server? CVP? Anyone familiar with CVP knows that it could protect from viruses travelling the network in a lot of protocols and not like those on mail-servers...
Ok, invictus said without an IP stack management would be impossible, depends on the type of management, does Sunscreen offer a solution to manage multiple FWs from one box or something like Provider-1?
Also, what sort of HA and FO schemes do such boxes provide? Any box doing HA while bound to an IP address takes around 100ms to get the info to the other box and another 55ms to add the changes, that means a total of ~155ms, would you tell me how fast is it to do HA without an IP stack bound to an interface plus the time needed to generate the replies?
Another valid point is authentication, how would it do auth? Most <if not all> auths need to talk to the FW thru something, without an IP stack such communications would have to be done thru Unix pipes <or some gay socket programming> so how would you be able to auth? And to what degree does auth state sync work on the Sunscreen?
Don't VPN connections need to interact with an IP stack? A FW that does the encryption and decryption is one that takes more load than it needs..
Ok, this is about it for the SunScreen, let's see why I prefer CP..
1) INSPECT, I've seen a lot of ppl get magic done with it..
2) The OPSEC alliance, provides you with nearly everything you need
3) Centralized management & an award winning GUI, doesn't need explanation
4) IPSO, I'd really like to see an OS scale to routing purposes as IPSO does, anyone that has used it knows what I mean..
5) Support, logic, easy configuration for basic tasks and differentiation of tasks as in control.map...
So, am I wrong? Correct me, and please note those *valid* points that you've said before I ran away from answering <probably cuz I chickened>...