Re: Was, RE: Firewall recommendations

[Curt Wilson <curtw () SIU EDU>]

It's been a while, but I find the Checkpoint management GUI to be far
superior to Cisco's Firewall Services Module PDM, and also better than
their ASDM, used to manage ASA firewalls. Cisco's GUI team, if they have
one, could benefit from taking a look at the Checkpoint interface that
makes management much more streamlined, the creation of groups easier,
and other time-saving features that make it easier to manage a large
firewall.


Jon Hanny wrote:
> I was an SE for Check Point Software and I believe that Check Point is a far
> superior firewall.  They have a UTM-1 firewall that is pretty inexpensive
> and comes bundled with IDS, VPN, firewall, and may even include AV by now.
> Check Point is an extremely good company and knows how to protect networks.
> They are they only company (as of last october) where both the firewall and
> manageement pieces are EAL4 certified as well.  I have used Check Point's
> products since 2000 and am a true believer.  As a side note,  the netscreen
> firewall's GUI mimics Check Points which is very easy to use. Check Point
> offers both an appliance option, or software only which runs on many HP's.
> It runs on Secure Platform which is a Check Point hardened Linux kernel
> based on RHEL 3 (might be up to RHEL 5 now).  Anyway, that is just my $.02.
>
> Respectfully,
>
> Jon Hanny, CISSP
> Applications Security Specialist
> The George Washington University
> jehanny () gwu edu
> www.gwu.edu
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Halliday,Paul
> Sent: Saturday, March 01, 2008 9:21 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Was, RE: [SECURITY] Firewall recommendations
>
> Has anyone here tried implementing a border firewall solution that is !
> commercial? Internally I rely heavily on OpenBSD's (running on FreeBSD)
> Packet filter for numerous IDS/network monitoring sensors. At the same time
> I maintain our EOL PIX 515's.
>
> I have always had a hard time understanding how the latter actually has
> market value. Is anyone doing neat stuff with free stuff?
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv on behalf of Jeff
> Holden
> Sent: Fri 2/29/2008 5:41 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Firewall recommendations
>
>
> We are looking at upgrading our campus's firewall.  We are currently using a
> pair of end of life PIX 515s.  We have been looking at the Cisco ASA and
> Juniper Netscreen products.  We are very early in our evaluation and haven't
> talked with any venders yet.  We are wondering if any other campus has been
> through this process recently and can offer any suggestions.  We are looking
> at the bandwidth they can handle, price, added features such as VPN, IDS/IPS
> functionality, likes and dislikes and any other helpful advise.    Currently
> we are a mixed Cisco and HP shop, but are open to any and all vendors
> solutions.
>
> Thanks,
> Jeff Holden, CISSP, RHCE
> Manager, Network & Data Security
> Mt. San Antonio College
> (909) 594-5611 X5017