Re: Was, RE: Firewall recommendations

[Brian Epstein <bepstein () IAS EDU>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/03/2008 08:54 AM, Jon Hanny wrote:
| I was an SE for Check Point Software and I believe that Check Point is
a far
| superior firewall.  They have a UTM-1 firewall that is pretty inexpensive
| and comes bundled with IDS, VPN, firewall, and may even include AV by now.
| Check Point is an extremely good company and knows how to protect
networks.
| They are they only company (as of last october) where both the
firewall and
| manageement pieces are EAL4 certified as well.  I have used Check Point's
| products since 2000 and am a true believer.  As a side note,  the
netscreen
| firewall's GUI mimics Check Points which is very easy to use. Check Point
| offers both an appliance option, or software only which runs on many HP's.
| It runs on Secure Platform which is a Check Point hardened Linux kernel
| based on RHEL 3 (might be up to RHEL 5 now).  Anyway, that is just my
$.02.

We use Checkpoint Firewall-1.  Their latest release, R65, still runs on
RHEL3.  It is a good firewall, I've been relatively happy with it.

I have run into some issues which may be just configuration issues on my
end.  Specifically, Netflix Watch It Now does not work.  We've also had
issues with iChat and other H323 or SIP based protocols.  Skype works
great, but other things have been difficult if not impossible to setup.

We use a failover setup that has been really good.  For the most part,
I've been a happy customer.

Thanks,
Brian

- --
Brian Epstein <bepstein () ias edu>                     +1 609-734-8179
Network and Security Officer            Institute for Advanced Study
Key fingerprint = 128A 38F4 4CFA 5EDB 99CE  4734 6117 4C25 0371 C12A
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHzAw6YRdMJQNxwSoRAjtRAJoDC7fPZE7hqT7O/+/EakSWI89xIwCeKZos
pgUC6eePug/+4uFwGfwsqHg=
=8fTg
-----END PGP SIGNATURE-----