Security Basics mailing list archives

RE: Firewall Hardware Recommendations

From: "Naren - Pactech" <naren () pactech net>
Date: Tue, 30 Dec 2003 11:32:55 +0800

Dear all  ....

I am not trying to one-up, but Watchguard Fireboxes Series (FB 500 to FB
4500) have something called "PROXIES" with a lot of functions and
security. And it has unbeatable graphical monitoring and logging tools,
all bunlded in FOC (now .. what use is a firewall is you are not sure who
is doing what, in realtime !!!)

Note - the entry level soho are built on Stateful inspection and the
higher end V-Class are built a ASIC architecture .. I would not want to go
the specifics ...

BTW, take a look at the common-criteria certifications, and see what
technology of firewalls are getting higher scores (I hope you are well
versed with Common Criteria) 

If you can convince me that SPI or ASA is better than Application level
proxies, I will say that you are right !!!

Naren

PS: we are only a reseller, and not distributor for WG, as we also resell
other security products .. 

T. Naren 
Technical Manager - Pactech Pte Ltd., Singapore
Infocomm Security Solutions Distribution and Services
pager: +65-95778725
office: +65-62711123 fax: +65-62703919
e: naren () pactech net  w: http://www.pactech.net
address: 
Blk 211, Henderson Road, #07-02, Singapore 159552



-----Original Message-----
From: Shawn Jackson [mailto:sjackson () horizonusa com]
Sent: Tuesday, December 30, 2003 2:03 AM
To: jamesworld () intelligencia com; Keith Duemling
Cc: security-basics () securityfocus com
Subject: RE: Firewall Hardware Recommendations



        WatchGuard more secure then PIX? Probably a sales person from
another vendor gotta love them. I've protected banks with the PIX 515 and
525 series and their rock solid. Update your Secure-IOS and maintain your
ACL's and your golden. Unlike SonicWall (maybe even WatchGuard now too)
you don't have to pay for the VPN component. A SonicWall PRO 230 + VPN
Licensees + Client Licensees = More then a PIX 515. I've heard, but never
seen, that WatchGuard in the same licensing frenzy. Can't speak
for NetScreen, I've personally tried to stay away from them, they give me
the willies, but it's been a while since I looked at them last.

        Same Q's as J. What Model? What S-IOS version? How Old, etc.
Iadmit, with head held in shame, that configuring the PIX can be a pain in
the arse, especially when you're working with the IPSEC end of a VPN
configuration and I've never setup PPTP on a PIX, but have done so on many
Cisco routers with little problems.

        Honestly, whoever sold you that load a bull needs help, no
disrespect intended but in security facts rule the digital road and
misinformation is the hazard just around the next corner.

I hope EVERYONE had a safe and uneventful Christmas + Boxing Day. Set
aside some time today to review your logs (that built up) in full before
saving them and clearing from the active log files.

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521
www.horizonusa.com
 
Email: sjackson () horizonusa com
Phone: (775) 858-2338
       (800) 325-1199 x338

-----Original Message-----
From: jamesworld () intelligencia com [mailto:jamesworld () intelligencia com]

Sent: Sunday, December 28, 2003 10:34 PM
To: Keith Duemling
Cc: security-basics () securityfocus com
Subject: Re: Firewall Hardware Recommendations

Keith,

Curious,  What cisco firewall do you currently have and what version OS
is 
on it?

Who told you that a WatchGuard firewall is more secure than a Cisco
firewall?

The PIX does what you are asking for.  If you have information to the 
counter, please post.

Cheers!
-J

At 19:32 12/23/2003, Keith Duemling wrote:

Just wanted to get some feedback from the list regarding some research

I'm

currently working on.  We're replacing our existing Cisco firewall with

dedicated firewall hardware/software solution to provider greater

security

and VPN access.

I've been looking at the Netscreen and various Watchguard products at

this

time.  The current environment is as follows;

- NAT environment
- DMZ to host web accessible servers
- 100 internal users
- Extensive intranet site & visitation to several high profile B2B

sites.

- Constant 10 user VPN community.
- Redundant T1 connection managed by RADware Linkproof hardware

solution.


Any recommendations would be greatly appreciated.  Thanks in advance.

Keith Duemling
MCP



-----------------------------------------------------------------------

----

-----------------------------------------------------------------------

-----


------------------------------------------------------------------------
---
------------------------------------------------------------------------
----


--------------------------------------------------------------------------
-
--------------------------------------------------------------------------
--

Attachment: InterScan_Disclaimer.txt
Description:

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Firewall Hardware Recommendations Keith Duemling (Dec 23)
- Re: Firewall Hardware Recommendations Ramsy (Dec 24)
- Re: Firewall Hardware Recommendations jamesworld (Dec 29)
- <Possible follow-ups>
- RE: Firewall Hardware Recommendations Ehab Abu Al -Khair (Dec 24)
- RE: Firewall Hardware Recommendations Shawn Jackson (Dec 29)
  - RE: Firewall Hardware Recommendations jamesworld (Dec 30)
  - Re: Firewall Hardware Recommendations Lard van den Berg (Dec 30)
  - RE: Firewall Hardware Recommendations Naren - Pactech (Dec 30)
- RE: Firewall Hardware Recommendations Shawn Jackson (Dec 30)
  - RE: Firewall Hardware Recommendations jamesworld (Dec 30)
    - Re: Firewall Hardware Recommendations Naren (Dec 31)
    - Re: Firewall Hardware Recommendations Scott M. Algatt (Dec 31)
- RE: Firewall Hardware Recommendations Shawn Jackson (Dec 30)