Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Why not Firebox 2 (from watchguard)? (my mistake.. but please read on)

From: Wong Chun Meng <cmwong () lestertech com>
Date: Wed, 23 Jun 1999 10:04:30 +0800
I actually made a slight mistake on my post.. it was meant to be "why not
Firebox 2 (By watchguard)". I totally agree with jen in firebox 1. I
reviewed it last year at that time with other firewalls. But what about
firebox 2? Any improvements there at all? 

But foremost, my question is why don't companies use black boxes if they are
afraid their admins don't know nix/NT's OS not for security appliance etc.
IF the firewall on these black boxes is as good as say Gauntlet/Firewall-1
(or application/filtering) with load balancing, failover, vpn etc wouldn't
these boxes be selling like hot cakes? The nix market might not suffer as
much as NT would (IMHO). 

The input (I'm not getting much here) I'm asking from this group is, is
there any reason for the admin to have full scrutiny of the underlying OS
other than not trusting the vendor? I have to admit I myself want to have
some control for some tasks... but it's no biggie. Is there some task which
you absolutely need full OS control? Since mine is a small environment, my
scenario might differ from your daily admin task of larger networks. It
would be great to hear some stories :)


Wong.


-----Original Message-----
From: Jen [mailto:jen () dangerousideas com]
Sent: Wednesday, June 23, 1999 7:02 AM
To: Randall, Mark
Cc: 'Wong Chun Meng'; 'firewalls () lists gnac net'
Subject: Re: Why not watchguard 2 ? (read on)


I like the idea of appliances, too, but this particular appliance
(WatchGuard) lacks a lot of imporant features.

There are good appliances.  We're looking at Nortel's (Bay's) 
Contivity
Extranet Switches.  These devices really blow away Checkpoint for VPN
(which is what we were using previously).  They're easy to manage and
the clients work great (SecuRemote has lots of user issues).  
They allow
secure split tunneling, unlike SecuRemote (which leave the 
clients open
to connections on the Internet).  They also have lots of filtering
capabilities.  Nortel will be adding FW-1 to the switch as an 
upgrade (I
have no details on this, though).

Network Appliance has some cool products, too, but they're 
not firewall
related.

Jen
Previous By Date Next
Previous By Thread Next

Current thread: