Re: Nokia firewalls

[Carric Dooley <carric () com2usa com>]

It depends on what you are trying to accomplish.  Is this and ISP with
multiple DS3's or an enterprise with a couple T1's?  For the ISP I would
probably go PIX (though the IP650's are almost as fast as a PIX box if
you are not using NAT). For the enterprise I would (more times than not,
but still, depending on what they needed) pick FW-1 on Nokia.

They are a similar approach to firewalling in that they are both
appliances.  You don't have to harden the OS.

I have heard the argument that if you are not good with IOS, PIX is a bad
idea, but I don't really agree with that.  Their GUI mgt tool is... well,
adequate.

I know both solutions have a built in HA configuration, but I have never
seen Cisco's work.  I have seen two Cisco egineers get VERY frustrated at
two PIX firwewalls configured for HA however, and these were Cisco GURUs.
On the other hand, I have configured the Nokia's myself several times,
and they just work.. without a hitch.

I definately prefer the management of both the Nokia box and FW-1 itself.
You configure all your routing, HA, firewall version, etc. through a web
browswer, then use the mgt console to build your policy defining nework
objects and services then deciding how the objects can access each other
using which services.  It's a wonderfully simple approach.

I wouldn't say one is better than the other. You have to pick the solution
that best meets your needs (IOW you will have to figure out what you need,
then decide which product meets all your needs).

Carric Dooley
COM2:Interactive Media
http://www.com2usa.com

On Wed, 18 Aug 1999, Russell Grant wrote:

> Does anyone have any information of the Nokia firewall product?
> Specifically how does it stack up against the PIX?