Firewall Wizards mailing list archives

Re: FW-1 running on Trusted Solaris 2.5 ?


From: Bennett Todd <bet () rahul net>
Date: Mon, 29 Sep 1997 11:07:38 -0700

On Mon, Sep 29, 1997 at 09:14:52AM -0800, Dexter D. Laggui wrote:
> It has been said that Trusted Solaris (Orange Book B2-level) runs
> Off-The-Shelf software.

I'd guess that that claim is probably reasonable, for most cases of
"Off-The-Shelf software". However...

> Would it then be able to run Checkpoint FW-1 ?

Probably not, since all the meat of the Checkpoint lies down below the IP
stack. If it does run it, you get no advantage from having the B2 features,
since the Checkpoint lies below them. This is one of the things that some
firewall experts don't like about it --- most of its real meat is in very very
low-level code, in a hard-to-debug and hard-to-modify language (state
transition tables).

If on the other hand you went for a hybrid or purely proxy solution, the proxy
bits could be elegantly reinforced by the B2 features; this is the selling
point of the BDM Cybershield, a firewall based on DG's B2 Unix.

-Bennett


