Re: VPN and firewalls

["Steve Goldhaber" <goldy () compatible com>]

> Date:          Fri, 6 Feb 1998 09:45:31 -0700 (MST)
> From:          Rik Farrow  <rik () spirit com>
> To:            firewall-wizards () nfr net
> Subject:       VPN and firewalls

> I am curious about why people are choosing VPN solutions which
> are independent of firewalls, for example, Aventail or TimeStep.  

Here are a few reasons from our customer base:

1) Current firewall didn't have VPN and they didn't want to change 
   the firewall.
2) Free client and/or free upgrades.
3) VPN becomes part of the firewall (a firewall doesn't have to be a 
    single machine) so selecting each component separately gives 
    flexibility and easier access to upgrades (I can upgrade the 
    filtering without touching the VPN or vice versa).
4) Customer has many sites with different firewalls and wants to have 
    easier management of the VPN.

> Do people poke these streams through their firewalls?

Yes although for our products, the hole goes only to the VPN 
device(s) which is(are) virtually part of the firewall so the 
security perimeter is maintained.

> Is it a matter of performance?

Not in my experience.
 
> Why pay extra for VPN capability which is already included in many firewalls?

Reasons 1 and 4 above.
 
 

Steve Goldhaber               Compatible Systems
goldy () compatible com          http://www.compatible.com
(303) 444-9532