Security Basics mailing list archives
Re: Firewall Hardware Recommendations
From: "Naren" <naren () pactech net>
Date: Wed, 31 Dec 2003 09:40:20 +0800
Hi James, I am not trying to question your working experience with WG: I work for a company who support Watchguard, apart from other products .... including Sonicwall and Borderware ... Since I started supporting Watchguard, around 2000, and may have criss-crossed about atleast 150 to 200 fireboxes / customers or more, and still supporting a majority of this number, and the scenarios you mentioned were (occasionally) showing up on the older softwares, where they used a different interface and a bit messy management GUI (SMS .. and all .. ). Since Version 4.61 - I am yet to see even any of the problems you have mentioned .. One of my customers has a large Watchguard deployment, with over 14 boxes all over Asia, and they are so impressed with the Watchguard's reliability and easy GUI and remote management capability, they have standardised on Watchguard: and in the process removing a few PIX boxes they had. They have boxes sitting in countries like PNG, Vietnam, Cambodia and all the way to LA (US). Same goes for a few MNCs, who chose WG due to it's excellent proxy-arp and a few other features which made deployments seamless ... and least troublesome .. Well, if the older version kernels were unstable, I got to say this - there is no picture perfect product from day 1: however, comparatively, Watchguard can stand up and say that they have a mature product in the Firebox series .... End of the day, perceptions differ .... above is mine ! I rest my case to you .. :-) No flaming .. and that's end of my chatter :-) Happy new year .... Naren Singapore ----- Original Message ----- From: <jamesworld () intelligencia com> To: "Shawn Jackson" <sjackson () horizonusa com> Cc: <jamesworld () intelligencia com>; "Keith Duemling" <kduemling () cox net>; <security-basics () securityfocus com> Sent: Tuesday, December 30, 2003 9:26 AM Subject: RE: Firewall Hardware Recommendations
Don't worry about the docs on the PDM. It's very intuitive. I've had 12,000+ hum through a PIX 515 without any issue. As far as the routers, you can use SDM also now. Do a search on SDM @ cisco.com WG crashes..... update a config with interface PAT and 2 of the same proxies for different subnets (HTTP or SMTP). Change a VPN key. Change/rename a PPTP users name changed the outside IP and subnet while traffic from the inside was still trying to get out. (ISP change) There have been a few others, but the details escape me at this hour.
Attachment:
InterScan_Disclaimer.txt
Description:
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Firewall Hardware Recommendations Keith Duemling (Dec 23)
- Re: Firewall Hardware Recommendations Ramsy (Dec 24)
- Re: Firewall Hardware Recommendations jamesworld (Dec 29)
- <Possible follow-ups>
- RE: Firewall Hardware Recommendations Ehab Abu Al -Khair (Dec 24)
- RE: Firewall Hardware Recommendations Shawn Jackson (Dec 29)
- RE: Firewall Hardware Recommendations jamesworld (Dec 30)
- Re: Firewall Hardware Recommendations Lard van den Berg (Dec 30)
- RE: Firewall Hardware Recommendations Naren - Pactech (Dec 30)
- RE: Firewall Hardware Recommendations Shawn Jackson (Dec 30)
- RE: Firewall Hardware Recommendations jamesworld (Dec 30)
- Re: Firewall Hardware Recommendations Naren (Dec 31)
- Re: Firewall Hardware Recommendations Scott M. Algatt (Dec 31)
- RE: Firewall Hardware Recommendations jamesworld (Dec 30)
- RE: Firewall Hardware Recommendations Shawn Jackson (Dec 30)