I am looking for a good and easy to use Hardware Firewall. We currently have Exchange 5.5 Server, RAS Server and 2 File Servers all running NT 4.0. We are looking at using OWA for Exchange.
I've been pleased with Watchguard firewalls. Easy to configure, easy to manage, rock solid. You can download a demo of the management client - it's the same interface, just has dummy data in it.
How's about IPCop, IPtables in general, and Squid; they're free, tweakable, and do everything and more that the PIX will do. Content filtering, Bandwidth management, Traffic Reporting, Site-Blocking, SMTP Proxy, by default HTTP Proxy, IPSec VPN, Transparent Proxy (very handy), and above all Multiple One-to-One NAT features (Microsoft ISA will NOT!!!) I won't go into the handcuffs Microsoft ISA straps on an Admin. A firewall is meant to be administered by an Admin, let the Admin administer the firewall. The last directed at Mr. Gates.
But no matter what you choose, stay away from a software based firewall; they carry all of the security vulnerabilities as their host operating system. And for God's sake, please don't use a software firewall on NT/2000.
------------
Certified in absolutely nothing
Um, I doubt that the host operating system could run something as advanced as iptables (damn, that leaves a lot of OSes, HEH) without being secure in at least some sense of the word, and it's not "software" (Black Ice Defender? Please); really, it's in the kernel at OS level, bolted in right after the packet scheduler (just where you want it to do anything useful).
Iptables = probably one of the most flexible and solid filters out there and most importantly it can SCALE.
We put Netscreens at 7 locations for the price of 1 PIX.
Not knocking PIX, but on a tight budget! Netscreen has come away with some high praise in the corporate reviews, has GUI and CLI and has been rock solid in our environment.
NetScreens are definitely the way forward. Stable, relatively easy to configure (I won't go into dynamic peers behind another NAT-ing ISDN router....or I might cry..), ultra fast, own specific operating system. Traffic management comes as standard. Great and cheap Remote product called NetScreen Remote. NetScreen is not the cheapest option overall but it does get great write-ups and compares well to Checkpoint and Cisco. NetScreen every time for me. Mind you I do resell them.
Why not the competition
Watchguard = Linux based not as secure as NetScreen's ScreenOS, no traffic shaping
Checkpoint on Nokia = Wonderful, hard to configure, the corporate's choice.........too expensive for mere mortals. Licensing can be a minefield. You have to buy support and licences for two different products
SonicWall = Comparable to Watchguard,.....I have had problems with unreliable hardware
Hi!
For what it's worth, I've experienced great success with the ROBOX firewall appliance from GTA. I installed it a few months ago for a client in a small office environment (<25 users) with both trusted and untrusted interfaces. The bundled VPN solution with the Safenet Client has proven to be rock solid and works flawlessly. I've managed the entire device remotely, including code updates, and even have a multi-tech modem configured on its console port for out-of-band access should the firewall become unreachable (this comes in handy when the client calls and says the network is down). Even though it has some quirks (all firewalls have quirks) and there is some nomenclature that is counter-intuitive, the documentation is quite good. Support was very helpful, but is only limited to the first thirty days unless you purchase one of GTA's service contracts.
I looked at a lot of units before choosing the ROBOX. Since ROBOX is not a mainstream product, I approached its selection with some trepidation. I strongly considered the Netscreen 5xt, but the ROBOX included the DMZ for the same price. Sonicwall and Watchguard nickel and dime you to death and seem to have as many detractors as supporters. Checkpoint was too expensive, although the V6 appliance (with Checkpoint software) from VPN dynamics was a good candidate. It was difficult to get good information out of Symantec and my past history with flaky PIX products didn't position them well on my shortlist. There are a few more out there that I considered, but when it came down to the end, ROBOX provided the best bang for the buck. If you have an application for a small office environment, I would strongly consider it.