Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Lucent's Brick for VPN?

From: <rreiner () fscinternet com>
Date: Tue, 27 Feb 2001 13:36:33 -0500
We've had some experiecne with these -- we've recently deployed a 
network of a few dozen LMF units (Bricks) with LSMS (management server) 
for a national company.


1. How long the product has been out?


Approaching two years now.
 

2. Ease of configurablity,


With version 4.x management server software: Fair.
With version 5.0 management server software: Good.
With version 5.1 management server software: Excellent.


3. Expansibility and high availability,


Brick and mini-brick devices are not expandable.  However, sites can 
start with a mini-brick (model 80) and later transition to a full brick 
(model 201).

HA can be acheived at a basic level by subsitution of a warm spare ... 
it takes approximately 5 minutes to substitute a new Brick for a failed 
unit, and the new unit then comes up with all security policy elements 
fully in effect.  Higher levels of HA are done with external 
hardware-based HA/LB controllers -- we've had excellent results with 
the BIG/IP HA+ Enterprise units from F5.


4. Flexibility in setting up VPN tunnels,


Very good.  No major limitations.


5. Layer 2, 3 or both,


Anti-spoofing at layers 2 and 3 (note that L2 anti-spoofing is not 
available in competitive products.)

Filtering ("stateful inspection") at layers 3 up.


6. Down-sides and anything else.


In our estimation, not much downside for environments in which a 
stateful-inspection type of firewall (with limited application-proxy 
capabilities) is required.  The LMF/LSMS system is cheap (for its 
category), has extremely good price/performance, and has very desirable 
R/A/S chacteristics.

--
.
. Richard Reiner, Ph.D.
. FSC Internet Corp. / SecureXpert Labs
. 229 Yonge Street
. Toronto, Ontario
. Canada  M5B 1N9
. Tel: +1 416 921 4280, Fax: +1 416 966 2451
. rreiner () fscinternet com, http://www.fscinternet.com
.
============================================
This message may contain confidential and/or proprietary information,
and is intended only for the person/entity to whom it was originally
addressed. The content of this message may contain private views and
opinions which do not constitute a formal disclosure or commitment
unless specifically stated.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: