Firewall Wizards mailing list archives
Re: Why not watchguard 2 ? (read on)
From: Jen <jen () dangerousideas com>
Date: Mon, 21 Jun 1999 18:42:40 -0700
I'm sure Watchguard's product is okay for some small companies, but it has serious limitations if you're a larger company. Last we talked to them, they couldn't do IP forwarding (they can do port forwarding). This means that if you have two Web servers behind your firewall, you have a problem. Also, the box assumes that you want to do IP masquerading. This actually isn't bad for a some companies -- the less you can do, the less you can do wrong (there are those who will say it gives you too much false confidence, though). However, it just didn't work for us. Jen Wong Chun Meng wrote:
Seeing as the ongoing debate on "why not NT" is getting repetitive (on some points IMHO), why not use a blackbox to solve the problems of a weak/misconfigurating an OS. With a blackbox, you don't have to worry anymore on the OS (if you trust the strip down Linux OS in watchguard that is) but just the configuration of the firewall. So now we have the question, is watchguard 2 any good? Is it on par with Firewall-1 (on a solaris for nix sake) in terms of the firewall security (regardless of securing solaris ok)? I was hoping you guys can give me some input on this. As I see it, some of you guys might argue to have the ability to have some control over the OS. Why so? Is it really important to have full control of the firewall OS? I can think of one reason actually, but it's not really a big issue... so my question again, is it really essential? TIA for any input. I'm actually presenting this argument to some vendor/clients. So any comments is deeply appereciated. Wong. - [To unsubscribe, send mail to majordomo () lists gnac net with "unsubscribe firewalls" in the body of the message.]
Current thread:
- Re: Why not watchguard 2 ? (read on) Jen (Jun 21)