Firewall Wizards mailing list archives
Re: Lucent Managed Firewall
From: Graham Allan <allan () physics umn edu>
Date: Thu, 7 Sep 2000 13:16:36 -0500
I've been using the LMF for a little while. I don't claim to be any kind of firewall expert, but here are my impressions.

I believe that PIX et al have some application-level awareness (for ftp etc). LMF doesn't do this. It's really an ipfilter-like approach (although if you read the docs it can offload SMTP and HTTP content checking to external proxies, at additional cost - I haven't examined those). It has some simple hooks (dependency masks) to enable passing of weirder protocols like realaudio and H.323 (the latter I have not tried).

What's nice about LMF...

It operates as a bridge rather than a router. For my application, I wanted to stay out of the routing business, so that can be a plus.

The management looks as if it should scale well. You can use one management server to control many LMF bricks, and delegate policy management to other users (you also have fairly good control over what you delegate and what you keep control of).

The LMF Brick itself is very invisible to the network. Also the fact that the firewall is based on Inferno, which is by design somewhat resistant to buffer overflows and such software defects, is a reassuring thing (no guarantee, but a nice feature nonetheless).

The management server itself lives behind a dedicated port of the LMF, so the NT or Solaris server it runs on is not exposed to either the world or your internal network (other than through the https management port).

I guess I'm a CLI bigot by instinct, but I have no real complaints about the firewall's GUI interface.

It seems to handle a 100Mbit connection without problems. We tested traffic throughput using netpipe and found it had little impact (this probably isn't a useful measurement on a firewall - number of sessions and packets may be more relevant - but we did it for fun anyway).

We found a few small quirks in the beta version of LMF 5.0. Lucent engineers were very helpful and responsive. Lucent's sales are harder to deal with, on the other hand. It has been a long hard road trying to buy anything.

I hope this helps, although I'm sure there are many things I haven't addressed...

Graham

On Thu, Sep 07, 2000 at 08:59:48AM +0700, Surapong Singshinsuk wrote:
Hi, I'd like to have some comments and opinions about Lucent Managed Firewall. I've seen you guys discussing PIX, Checkpoint, Raptor but not LMF. Has anyone had experience with LMF?
--
-------------------------------------------------------------------------
Graham Allan - I.T. Manager - gta () umn edu - (612) 624-5040
School of Physics and Astronomy - University of Minnesota
-------------------------------------------------------------------------
_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards