My SonicWall hasn't let me down yet. Well, except for a bad jack, just had to take a pair of pliers to it.
Here I will post some sites with firewalls and their FAQs
Checkpoint www.phoneboy.com
Watchguard www.watchgaurd.com
Cisco pix vs fw-1 www.roble.com/docs/fw1_or_pix.html
linux based freesco www.freesco.org
information security books for free http://www.secinf.net/
secure point linux http://www.securepoint.cc
hope that helps
Words of the day: "We all must share knowledge in a positive way, not ridiculing each other. Remember Galileo."
EvIl
Let me tell you guys a little something about watchguard.....
IT SUCKS!!
Sure it has a decent interface, it is pretty easy to use and it is secure (at least as secure as the admin makes it), but EVERY time you make a configuration change, the Firebox needs to reboot. Now this might be OK in a very small environment, but try to do it on a bigger network when someone "needs" a change done immediately, but you first have to tell everyone that the firewall will be down for a while while it reboots. Also, Watchguard tech support sucks. I once called them with a network down emergency, and I was forced to leave a message describing the problem on an answering machine, and an engineer would get back to me in four hours. Now I do not know how many of you have ever worked on a corporate network, but try explaining to your boss and everyone else that the Internet will be down for at least four hours while you are waiting for a call back from tech support, who you never even actually talked to, just left a message. I have been forced to call them several times with the same problem each time, and I will let you know now that my fastest resolution time was about 3 hours, with the longest being 2 days, and it took 9 hours for someone to get back to me.
So bottom line....Watchguard is NOT an Enterprise Firewall.
BTW...Checkpoint did have some minor vulnerabilities, but what products don't. The Checkpoint vulnerabilities were very minor. Also, Checkpoint tech support is nothing special either, but it is much better than Watchguard.
Cisco is a great firewall and tech support is second to none. There is no tech support better than cisco as far as I am concerned.
Sonicwall...again not a bad small firewall, but NOT an enterprise level firewall at all.
I have been working with firewalls almost constantly for about the last five years, it is my job, so trust me, I know. All of these firewalls have their place, just make sure you choose the right one for the right situation.
Oh...and if you truly want a good firewall. Try IPF on *BSD. Very easy to use and extremely powerful.
Some people are afraid of *nix firewalls though.
Some people are afraid of the dark but that doesn't mean you should stay inside at night.
Quote:
Originally posted by iNViCTuS
Oh...and if you truly want a good firewall. Try IPF on *BSD. Very easy to use and extremely powerful.
Some people are afraid of *nix firewalls though.
And Checkpoint has more than a few vulnerabilities, my friends. Do your homework.
OK...please tell me a major vulnerability that has ever been discovered in a Checkpoint firewall. Big deal, a DoS here or there or maybe a malformed packet vulnerability. A firewall is more about the firewall admin than it is the type of firewall.
EVERYTHING has vulnerabilities...only the big players get scrutinized for every vulnerability that is uncovered (i.e. Microsoft, checkpoint, etc) That is why it is important to apply patches and updates. Of course an unmanaged firewall is useless to begin with.
I have been working with Checkpoint firewalls for a long time, so believe me, I have done my homework.
And as far as a Unix firewall is concerned, you cannot easily manage multiple firewalls within a single interface like you can with Checkpoint or Cisco. So that is what I meant by being afraid of them. Many organizations do not have the in-house talent to manage IPF, IPTABLES, IPCHAINS, etc. We know it is not that difficult, but many organizations still do not trust these types of applications because they are not highly publicized.
IMHO, NOTHING...I repeat...NOTHING...compares to the reliability of Zone Alarm Pro for a software firewall! Ease of installation, ease of configuration...and back it up with a hardware firebox, and it's almost unbeatable! Zone Alarm Pro sells for roughly 40 US dollars per license...for its price, come on, friends!!??
yeah...maybe you are right...I should suggest that to my company.
100,000 users X $40/users
plus another few thousand for a firebox II
----------------------------------------------------------
= only just over $4 million
What the hell was I thinking...that is definitely the way to go ;)
A good firewall is only as good as its admin and ability to recognize attack signatures and react to them. Oh yeah, bleeding network traffic to the internet would be good as well.
All that I have mentioned are configuration based; most firewall products do this. I am not against Unix, I love it. As for using it as a firewall, we must get out of the new jack hacker way of thinking: just because it's harder does not mean it's better. Most people want to use a simplistic product like Checkpoint Firewall 1 with a GUI. Not many people who buy firewalls buy ipchains firewalls, although it's cool to know. I have never seen ipchains implemented in an enterprise environment, and I have rarely seen an OpenBSD based firewall implemented. Why? Because of ease of use.
Let's all grow up and think of the essentials "Bruce Lee"
We just got a new Watchguard Firebox to replace our previous firewall. I've been busy setting it up and adjusting it as I find problems. So far, I've only had to reboot it twice in over 25 changes. I can't agree with you on the part about "EVERY time you make a .....change....needs to reboot". Additionally, reboots don't seem to take more than a minute (although I haven't timed one). I don't think anyone even noticed.
Quote:
Originally posted by iNViCTuS
Let me tell you guys a little something about watchguard.....
IT SUCKS!!
Sure it has a decent interface, it is pretty easy to use and it is secure (at least as secure as the admin makes it), but EVERY time you make a configuration change, the Firebox needs to reboot. Now this might be OK in a very small environment, but try to do it on a bigger network when someone "needs" a change done immediately, but you first have to tell everyone that the firewall will be down for a while while it reboots. Also, Watchguard tech support sucks. I once called them with a network down emergency, and I was forced to leave a message describing the problem on an answering machine, and an engineer would get back to me in four hours. Now I do not know how many of you have ever worked on a corporate network, but try explaining to your boss and everyone else that the Internet will be down for at least four hours while you are waiting for a call back from tech support, who you never even actually talked to, just left a message. I have been forced to call them several times with the same problem each time, and I will let you know now that my fastest resolution time was about 3 hours, with the longest being 2 days, and it took 9 hours for someone to get back to me.
So bottom line....Watchguard is NOT an Enterprise Firewall.
Now, I can't comment on it being an Enterprise firewall, as we only have about 20 users.
Security wise.... it's only as secure as the admin.... let's hope I do/did a good job.