Firewall Wizards mailing list archives
Re: insecurity in internet connection thro cable modems
From: stefmit <stefmit () comcast net>
Date: Sun, 16 Feb 2003 18:32:59 -0600
I can second that (Netscreen ease of use & performance) - being a multinational company we started site-to-site VPNs a couple of years ago, with - initially - Checkpoint products. Along came the Netscreen, and started deployment of 100s and 25s in the medium and big sites, with multi-site-VPNs, and 5XPs in sales offices throughout the country, as well as in all continents. Flawless performance + fantastic cost + configuration within 10-15 minutes. Coming back to the initial subect: my cable-modem-based house network is right now setup as a site-to-site VPN with my company's, but - being paranoid - I did not have it setup with a LAN from the same RFC1918's we used at headquarters. I have set that one up as a sort of DMZ, between the Netscreen at my house and a "cheapo" Lynksys BEHIND the Netscreen. This way nobody at Corp is allowed to get to my LAN, as I consider that network as dangerous as any others, and without me having to spend too much time on refining the rules on the Netscreen to achieve that isolation ... works perfect. Once in a while I take out the Linksys, and plug in a dual-homed Linux IPTables, for testing purposes ... and that arrangement works great, also. Kudos to Netscreen, in the end ... My $0.02, Stef P.S. Disclaimer: no vested interest in either of the brands mentioned above. On Sunday 16 February 2003 11:39 am, Dave Mitchell wrote:
Wes, GlobalPro makes it easier to maintain a fleet of Netscreens. I'm confused as to why you feel their VPN support is lacking? I've been able to interoperate Netscreen IPSec with Cisco PIX, Cisco IOS, Checkpoint, Cisco VPN3k, FreeSWAN; just to name some. Support for preshared keys, x509 certs, ldap auth, and securid auth make me feel that Netscreen's IPSec has quite a few features, not to mention higher throughput due to their ASIC's. -dave
<snip> _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- insecurity in internet connection thro cable modems ravi (Feb 07)
- Re: insecurity in internet connection thro cable modems Yvette Agostini (Feb 07)
- Re: insecurity in internet connection thro cable modems staf wagemakers (Feb 07)
- <Possible follow-ups>
- Re: insecurity in internet connection thro cable modems rob . roberson (Feb 07)
- RE: insecurity in internet connection thro cable modems Symon Thurlow (Feb 07)
- RE: insecurity in internet connection thro cable modems Chapman, Justin T (Feb 07)
- RE: insecurity in internet connection thro cable modems Perrymon, Josh L. (Feb 14)
- Re: insecurity in internet connection thro cable modems Dave Mitchell (Feb 14)
- RE: insecurity in internet connection thro cable modems Noonan, Wesley (Feb 15)
- Re: insecurity in internet connection thro cable modems Dave Mitchell (Feb 16)
- Re: insecurity in internet connection thro cable modems stefmit (Feb 18)
- Re: insecurity in internet connection thro cable modems Dave Mitchell (Feb 16)
- RE: insecurity in internet connection thro cable modems Noonan, Wesley (Feb 16)
- Re: insecurity in internet connection thro cable modems Dave Mitchell (Feb 17)
- RE: insecurity in internet connection thro cable modems Bruce Platt (Feb 16)
- RE: insecurity in internet connection thro cable modems Noonan, Wesley (Feb 16)
- RE: insecurity in internet connection thro cable modems Bruce Platt (Feb 17)
- RE: insecurity in internet connection thro cable modems Scot Hartman (Feb 17)