Security Basics mailing list archives
RE: Firewall Hardware Recommendations
From: "Naren - Pactech" <naren () pactech net>
Date: Tue, 30 Dec 2003 11:32:55 +0800
Dear all .... I am not trying to one-up, but Watchguard Fireboxes Series (FB 500 to FB 4500) have something called "PROXIES" with a lot of functions and security. And it has unbeatable graphical monitoring and logging tools, all bunlded in FOC (now .. what use is a firewall is you are not sure who is doing what, in realtime !!!) Note - the entry level soho are built on Stateful inspection and the higher end V-Class are built a ASIC architecture .. I would not want to go the specifics ... BTW, take a look at the common-criteria certifications, and see what technology of firewalls are getting higher scores (I hope you are well versed with Common Criteria) If you can convince me that SPI or ASA is better than Application level proxies, I will say that you are right !!! Naren PS: we are only a reseller, and not distributor for WG, as we also resell other security products .. T. Naren Technical Manager - Pactech Pte Ltd., Singapore Infocomm Security Solutions Distribution and Services pager: +65-95778725 office: +65-62711123 fax: +65-62703919 e: naren () pactech net w: http://www.pactech.net address: Blk 211, Henderson Road, #07-02, Singapore 159552 -----Original Message----- From: Shawn Jackson [mailto:sjackson () horizonusa com] Sent: Tuesday, December 30, 2003 2:03 AM To: jamesworld () intelligencia com; Keith Duemling Cc: security-basics () securityfocus com Subject: RE: Firewall Hardware Recommendations WatchGuard more secure then PIX? Probably a sales person from another vendor gotta love them. I've protected banks with the PIX 515 and 525 series and their rock solid. Update your Secure-IOS and maintain your ACL's and your golden. Unlike SonicWall (maybe even WatchGuard now too) you don't have to pay for the VPN component. A SonicWall PRO 230 + VPN Licensees + Client Licensees = More then a PIX 515. I've heard, but never seen, that WatchGuard in the same licensing frenzy. Can't speak for NetScreen, I've personally tried to stay away from them, they give me the willies, but it's been a while since I looked at them last. Same Q's as J. What Model? What S-IOS version? How Old, etc. Iadmit, with head held in shame, that configuring the PIX can be a pain in the arse, especially when you're working with the IPSEC end of a VPN configuration and I've never setup PPTP on a PIX, but have done so on many Cisco routers with little problems. Honestly, whoever sold you that load a bull needs help, no disrespect intended but in security facts rule the digital road and misinformation is the hazard just around the next corner. I hope EVERYONE had a safe and uneventful Christmas + Boxing Day. Set aside some time today to review your logs (that built up) in full before saving them and clearing from the active log files. Shawn Jackson Systems Administrator Horizon USA 1190 Trademark Dr #107 Reno NV 89521 www.horizonusa.com Email: sjackson () horizonusa com Phone: (775) 858-2338 (800) 325-1199 x338 -----Original Message----- From: jamesworld () intelligencia com [mailto:jamesworld () intelligencia com] Sent: Sunday, December 28, 2003 10:34 PM To: Keith Duemling Cc: security-basics () securityfocus com Subject: Re: Firewall Hardware Recommendations Keith, Curious, What cisco firewall do you currently have and what version OS is on it? Who told you that a WatchGuard firewall is more secure than a Cisco firewall? The PIX does what you are asking for. If you have information to the counter, please post. Cheers! -J At 19:32 12/23/2003, Keith Duemling wrote:
Just wanted to get some feedback from the list regarding some research
I'm
currently working on. We're replacing our existing Cisco firewall with
a
dedicated firewall hardware/software solution to provider greater
security
and VPN access. I've been looking at the Netscreen and various Watchguard products at
this
time. The current environment is as follows; - NAT environment - DMZ to host web accessible servers - 100 internal users - Extensive intranet site & visitation to several high profile B2B
sites.
- Constant 10 user VPN community. - Redundant T1 connection managed by RADware Linkproof hardware
solution.
Any recommendations would be greatly appreciated. Thanks in advance. Keith Duemling MCP -----------------------------------------------------------------------
----
-----------------------------------------------------------------------
----- ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- -------------------------------------------------------------------------- - -------------------------------------------------------------------------- --
Attachment:
InterScan_Disclaimer.txt
Description:
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Firewall Hardware Recommendations Keith Duemling (Dec 23)
- Re: Firewall Hardware Recommendations Ramsy (Dec 24)
- Re: Firewall Hardware Recommendations jamesworld (Dec 29)
- <Possible follow-ups>
- RE: Firewall Hardware Recommendations Ehab Abu Al -Khair (Dec 24)
- RE: Firewall Hardware Recommendations Shawn Jackson (Dec 29)
- RE: Firewall Hardware Recommendations jamesworld (Dec 30)
- Re: Firewall Hardware Recommendations Lard van den Berg (Dec 30)
- RE: Firewall Hardware Recommendations Naren - Pactech (Dec 30)
- RE: Firewall Hardware Recommendations Shawn Jackson (Dec 30)
- RE: Firewall Hardware Recommendations jamesworld (Dec 30)
- Re: Firewall Hardware Recommendations Naren (Dec 31)
- Re: Firewall Hardware Recommendations Scott M. Algatt (Dec 31)
- RE: Firewall Hardware Recommendations jamesworld (Dec 30)
- RE: Firewall Hardware Recommendations Shawn Jackson (Dec 30)