Re:IBM secureway firewall

[Peter Bruderer <brudy () bruderer-research com>]

If I hear IBM secureway firewall, I think Jurassic Park.

The IBM Secure Network Gateway was quite a reasonable product back in 1992. It 
was basically a packetfilter with a few proxy features. That product was 
actually the trigger for me to use qmail. It did not have a properly working 
SMTP gateway. Up to version 2.2 you could manage the filters using vi. 

Starting with version 3, there was a Java based GUI which was just user 
unfriendly, slow, ... and you had to install X-Windows on the firewall 
machine. It was no longer possible just to edit the rulebase and to restart 
the firewall software. What else? NAT? After a couple of fixes it was somehow 
working. To establish a reasonable rulebase, you had to spend working about 3 
days with the GUI. The default rulebase was unusable. That was in 1997. 

BTW the mail gateway was still unusable, the http proxy did not work properly 
and the SOCKS configuration was "advanced".

1998 was a great relief. I stopped working for IBM. So I could stop telling 
everyone, how good this product really is.

Last year, I had to review an IBM secureway firewall. And what a surprise! It 
is still very complicated to configure and the look and feel is still the 
same as back in 1997. 

-- 
  Peter Bruderer                 mailto:brudy () bruderer-research com
  Bruderer Research GmbH                      Tel ++41 52 620 26 53
  IT Security Services                        Fax ++41 52 620 26 54
  CH-8200 Schaffhausen             http://www.bruderer-research.com


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards