Firewall Wizards mailing list archives

RE: firewall-wizards digest, Vol 1 #79 - 2 msgs appliance firewall


From: "Paul Gerry" <pgerry () netscreen com>
Date: Tue, 10 Oct 2000 12:38:00 -0400

It's always interesting to see what people call an appliance.  Nokia with
Checkpoint is a dedicated box that runs firewall software and VPN (if the
license is purchased).  The point is there is a hardware and software
component.  Also, to get the best VPN performance one must buy the
accelerator card for fast 3DES encryption.  A true appliance is a device
that performs firewall and VPN functions in the hardware, i.e. ASIC designs.
A firewall and VPN device that uses ASIC offers the best performance for
both firewall and data encryption because its functions are happening in
the silicon, not in software.  Take a look at this URL:
http://www.commweb.com/article/COM20000912S0009


-----Original Message-----
From: firewall-wizards-admin () nfr net
[mailto:firewall-wizards-admin () nfr net]On Behalf Of
firewall-wizards-request () nfr net
Sent: Tuesday, October 10, 2000 12:01 PM
To: firewall-wizards () nfr net
Subject: firewall-wizards digest, Vol 1 #79 - 2 msgs


Today's Topics:

  1. Re: Appliance firewall (Jian Zhen)
  2. RE: Appliance firewall (bnairn () Telenisus com)

--__--__--

Message: 1
Date: Mon, 9 Oct 2000 15:12:55 -0700
From: Jian Zhen <jlz () synlab com>
To: firewall-wizards () nfr net
Subject: Re: [fw-wiz] Appliance firewall

A year or two ago the Nokias really sucked. Management was through telnet and
http (no encryption), performance was slow, installation was difficult.

This year when we looked at Nokia again (especially 3.3beta), it's a lot more
clean, much better security (https + ssh), better performance, and a cleaner
overall design.

The failover solutions for these two products are different but they both
work fairly well. The VRRP solution requires IGMP and multicast. Both
firewalls require (well, best to use) a separate network port for state
sync'ing for stateful failover.

The setup of PIX failover has fewer steps than Nokia but that doesn't really
mean much since both are very easy.

I would recommend the Nokia now if you are thinking about one.

But that's not recommending Nokia over PIX though. FW1 and PIX have similar
technologies and it's difficult to recommend one without knowing more of
the requirements.

Yasmin Wu (yasminwu () yahoo com) [001009 14:54]:
A year or two ago, in the blackhat session, a
gentleman talked about appliance firewall comparison.
CISCO PIX is one of the products compared but Nokia was
not.

When the audience asked why Nokia was not on the list,
the speaker said that it did not meet certain
pre-selection criteria, so it was left out.

As I started to compare PIX and Nokia, it seems that
they are on-par with each other, and actually I think
Nokia may be a bit better because it is a more
mature product and in terms of failover, it doesn't
need a serial cable :-)

Anyone know why the speaker in the blackhat session
believes that Nokia is not good enough ??
In general, does anybody have any comment on the Nokia (good
and bad) ??


y

--
Jian L. Zhen
<jlz () synlab com>
wasaaaaaaaaaaaaaaaaaaaaaabi


--__--__--

Message: 2
From: bnairn () Telenisus com
To: yasminwu () yahoo com, firewall-wizards () nfr net
Subject: RE: [fw-wiz] Appliance firewall
Date: Mon, 9 Oct 2000 16:45:54 -0500

The PIX appliance is a robust packet filter with embedded code, whereas the
Nokia has a hard drive and runs Checkpoint FW-1 over top a boiled down BSD
kernel.  That's the major difference. The Nokia was probably left out,
because the speaker felt the Nokia wasn't a "true" appliance.  I've fought
this battle before, over the NFR appliance and its having a hard drive.

The Nokia is an excellent device and has impressive throughput.  The only
problem with the Nokia devices, 330, 440, or 650, is that chassis space is
finite. Once you begin talking about large scale firewalls, you may want to
use a Sun Enterprise class server, which is more scalable.

Last thing to note.  Intrusion.com is emerging with an appliance that looks
really good.  It may cause a war between the likes of Nokia and
Intrusion.com and Checkpoint.

Bryan

-----Original Message-----
From: Yasmin Wu [mailto:yasminwu () yahoo com]
Sent: Sunday, October 08, 2000 11:54 PM
To: firewall-wizards () nfr net
Subject: [fw-wiz] Appliance firewall


A year or two ago, in the blackhat session, a
gentleman talked about appliance firewall comparison.
CISCO PIX is one of the products compared but Nokia was
not.

When the audience asked why Nokia was not on the list,
the speaker said that it did not meet certain
pre-selection criteria, so it was left out.

As I started to compare PIX and Nokia, it seems that
they are on-par with each other, and actually I think
Nokia may be a bit better because it is a more
mature product and in terms of failover, it doesn't
need a serial cable :-)

Anyone know why the speaker in the blackhat session
believes that Nokia is not good enough ??
In general, does anybody have any comment on the Nokia (good
and bad) ??


y
