Educause Security Discussion mailing list archives
Re: Was, RE: Firewall recommendations
From: Curt Wilson <curtw () SIU EDU>
Date: Mon, 3 Mar 2008 09:18:52 -0600
It's been a while, but I find the Checkpoint management GUI to be far superior to Cisco's Firewall Services Module PDM, and also better than their ASDM, used to manage ASA firewalls. Cisco's GUI team, if they have one, could benefit from taking a look at the Checkpoint interface that makes management much more streamlined, the creation of groups easier, and other time-saving features that make it easier to manage a large firewall. Jon Hanny wrote:
I was an SE for Check Point Software and I believe that Check Point is a far superior firewall. They have a UTM-1 firewall that is pretty inexpensive and comes bundled with IDS, VPN, firewall, and may even include AV by now. Check Point is an extremely good company and knows how to protect networks. They are they only company (as of last october) where both the firewall and manageement pieces are EAL4 certified as well. I have used Check Point's products since 2000 and am a true believer. As a side note, the netscreen firewall's GUI mimics Check Points which is very easy to use. Check Point offers both an appliance option, or software only which runs on many HP's. It runs on Secure Platform which is a Check Point hardened Linux kernel based on RHEL 3 (might be up to RHEL 5 now). Anyway, that is just my $.02. Respectfully, Jon Hanny, CISSP Applications Security Specialist The George Washington University jehanny () gwu edu www.gwu.edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Halliday,Paul Sent: Saturday, March 01, 2008 9:21 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Was, RE: [SECURITY] Firewall recommendations Has anyone here tried implementing a border firewall solution that is ! commercial? Internally I rely heavily on OpenBSD's (running on FreeBSD) Packet filter for numerous IDS/network monitoring sensors. At the same time I maintain our EOL PIX 515's. I have always had a hard time understanding how the latter actually has market value. Is anyone doing neat stuff with free stuff? -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv on behalf of Jeff Holden Sent: Fri 2/29/2008 5:41 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Firewall recommendations We are looking at upgrading our campus's firewall. We are currently using a pair of end of life PIX 515s. We have been looking at the Cisco ASA and Juniper Netscreen products. We are very early in our evaluation and haven't talked with any venders yet. We are wondering if any other campus has been through this process recently and can offer any suggestions. We are looking at the bandwidth they can handle, price, added features such as VPN, IDS/IPS functionality, likes and dislikes and any other helpful advise. Currently we are a mixed Cisco and HP shop, but are open to any and all vendors solutions. Thanks, Jeff Holden, CISSP, RHCE Manager, Network & Data Security Mt. San Antonio College (909) 594-5611 X5017
Current thread:
- Was, RE: Firewall recommendations Halliday,Paul (Mar 01)
- <Possible follow-ups>
- Re: Was, RE: Firewall recommendations Jon Hanny (Mar 03)
- Re: Was, RE: Firewall recommendations Brian Epstein (Mar 03)
- Re: Was, RE: Firewall recommendations Curt Wilson (Mar 03)
- Re: Was, RE: Firewall recommendations Dan Oachs (Mar 03)