We have been looking at it right now (and you have to remember we have a very large enterprise, so we are looking at that kind of solution), and a clear leader right now is Check Point's Firewall-1 running on a Nokia appliance. You get support from Nokia and support for clustering just for buying the product, and it has, as far as we can tell, some of the best performance around. Firewall-1 also has some pretty interesting capabilities with NAT, content filtering, and a few other things that are pretty nice. It is the only firewall we looked at that had a competent enterprise management solution.

We also use Cisco PIX on a much smaller scale, and it works pretty well and was easy for people to pick up because of similarities to Cisco's router IOS. We also found it did some very interesting things to protocols using the fixup options (for SMTP, for example, it deletes all the server information and severely limits the commands that can be run). I consider it to be a good firewall with good performance, but don't consider it to scale too well, even with Cisco's management solution. I consider PIX to be a very good firewall, but we went towards Nokia over the enterprise management capabilities of Firewall-1 versus the stuff with PIX. It NATs by default and is very secure by default, but a little harder to configure.

I have messed around with SunScreen before (about 2 years ago) and was appalled by it. Clunky interface and relatively difficult to configure versus the other products we were looking at. I personally would avoid it.

I have also messed around with TIS/NAI/Secure Computing's Gauntlet. It is the only true proxy firewall out of the group, but your performance will suffer, it is not as easy to configure, and it is being merged with Secure Computing's Sidewinder firewall.

Secure Computing makes a new firewall that is supposedly based on the best of Sidewinder mixed with the couple of good things in Gauntlet (like anti-virus), and it continues to run on a specialized platform like Sidewinder. I haven't messed around with this, but I considered Sidewinder to be a pretty good product for the little that I have seen of it.

There was someone that made an appliance that ran iptables, but I don't remember the name. I will ask a friend of mine that was running it and post again when I find it.

It just depends on your needs versus performance versus cost. Have a look at the ones I mentioned (minus Gauntlet; it was a lead-in for Secure Computing's product). Good luck and happy hunting.

/nebulus

EDIT: The iptables firewall was Astaro.