Firewall Wizards mailing list archives

Re: Why not watchguard 2 ? (read on)


From: Jen <jen () dangerousideas com>
Date: Mon, 21 Jun 1999 18:42:40 -0700

I'm sure Watchguard's product is okay for some small companies, but it
has serious limitations if you're a larger company.  Last we talked to
them, they couldn't do IP forwarding (they can do port forwarding). This
means that if you have two Web servers behind your firewall, you have a
problem.  Also, the box assumes that you want to do IP masquerading.

This actually isn't bad for some companies -- the less you can do, the
less you can do wrong (there are those who will say it gives you too
much false confidence, though).  However, it just didn't work for us.

Jen


Wong Chun Meng wrote:

Seeing as the ongoing debate on "why not NT" is getting repetitive (on some
points IMHO), why not use a blackbox to solve the problems of a
weak/misconfigured OS. With a blackbox, you don't have to worry
anymore about the OS (if you trust the stripped-down Linux OS in Watchguard that
is) but just the configuration of the firewall. So now we have the question,
is Watchguard 2 any good? Is it on par with Firewall-1 (on a Solaris for nix
sake) in terms of the firewall security (regardless of securing Solaris ok)?
I was hoping you guys can give me some input on this.

As I see it, some of you guys might argue to have the ability to have some
control over the OS. Why so? Is it really important to have full control of
the firewall OS? I can think of one reason actually, but it's not really a
big issue... so my question again, is it really essential?

TIA for any input. I'm actually presenting this argument to some
vendor/clients. So any comments are deeply appreciated.

Wong.

-
[To unsubscribe, send mail to majordomo () lists gnac net with
"unsubscribe firewalls" in the body of the message.]


