Re: Was, RE: Firewall recommendations

[Jon Hanny <jehanny () GWU EDU>]

I was an SE for Check Point Software and I believe that Check Point is a far
superior firewall.  They have a UTM-1 firewall that is pretty inexpensive
and comes bundled with IDS, VPN, firewall, and may even include AV by now.
Check Point is an extremely good company and knows how to protect networks.
They are they only company (as of last october) where both the firewall and
manageement pieces are EAL4 certified as well.  I have used Check Point's
products since 2000 and am a true believer.  As a side note,  the netscreen
firewall's GUI mimics Check Points which is very easy to use. Check Point
offers both an appliance option, or software only which runs on many HP's.
It runs on Secure Platform which is a Check Point hardened Linux kernel
based on RHEL 3 (might be up to RHEL 5 now).  Anyway, that is just my $.02.

Respectfully,

Jon Hanny, CISSP
Applications Security Specialist
The George Washington University
jehanny () gwu edu
www.gwu.edu


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Halliday,Paul
Sent: Saturday, March 01, 2008 9:21 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Was, RE: [SECURITY] Firewall recommendations

Has anyone here tried implementing a border firewall solution that is !
commercial? Internally I rely heavily on OpenBSD's (running on FreeBSD)
Packet filter for numerous IDS/network monitoring sensors. At the same time
I maintain our EOL PIX 515's.

I have always had a hard time understanding how the latter actually has
market value. Is anyone doing neat stuff with free stuff?

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv on behalf of Jeff
Holden
Sent: Fri 2/29/2008 5:41 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Firewall recommendations


We are looking at upgrading our campus's firewall.  We are currently using a
pair of end of life PIX 515s.  We have been looking at the Cisco ASA and
Juniper Netscreen products.  We are very early in our evaluation and haven't
talked with any venders yet.  We are wondering if any other campus has been
through this process recently and can offer any suggestions.  We are looking
at the bandwidth they can handle, price, added features such as VPN, IDS/IPS
functionality, likes and dislikes and any other helpful advise.    Currently
we are a mixed Cisco and HP shop, but are open to any and all vendors
solutions.

Thanks,
Jeff Holden, CISSP, RHCE
Manager, Network & Data Security
Mt. San Antonio College
(909) 594-5611 X5017