RE: RE: PIX vs Checkpoint vs Sonicwall vs Netscreenh

["manatworkyes moderator" <devekboy () hotmail com>]

Roger Marquis said:


> > WRT to comparisons, we've read a log of generalities but not many
> > specifics.  Is there a chart somewhere which lists the relevant
> > (read: non-marketing) features?  In particular:

In my opinion, adding the "V" sign next to a list of so-called non-marketing 
features will provide a false description. For example, lets examine some of 
the points that you've mentioned:

SSH - is it version 1 or version 2? is it possible to define list of allowed 
sources that can ssh the system?
CLI - are all the options manageable through CLI ? What about log filtering 
or reading ?
HTTP- what type of httpd the system is using ? Is it using unpatched version 
of Apache ?
SYSLOG - How logs are transfered to the syslogd ? what happens when the 
syslogd is down? what type of DOS attacks the syslog is protected from ?
TFTP - Is it truely secure (Ask CERT about it :-)

Configuration - where are RPC services ? Where are hig level protocols like 
SMTP / HTTP etc ?

I hope that i made myself clear.

DB

 Manageability:
 [] serial console?
 [] telnet/cli interface?
 [] ssh/cli interface?
 [] http/gui interface?
 [] java/gui interface?
 [] syslog support?
 [] configurable log verbosity?
 [] snmp/v2/v3?
 [] tftp backup & upgrade?
 [] text-based configuration file?
 [] multi-firewall management tools?

 Configuration:
 [] ip, tcp, udp, and icmp protocol type filtering?
 [] port-range filtering?
 [] application layer inspection  (activex, javascript, flash, im, ...)?
 [] separate ACLs for incoming and outgoing interfaces?
 [] separate ACLs for all interfaces?
 [] stateful filters?
 [] NAT/PAT/... options?
 [] tcp sequence validation?
 [] IDS support?

 Large Site:
 [] high-bandwidth options?
 [] failover?
 [] load-balancing?
 [] IPSec VPN support?
 [] interoperable IPSec VPN support?

 Support:
 [] searchable online documentation?
 [] newsgroup?
 [] 24*7*365 support?
 [] 2h phone & email support?
 [] free and/or inexpensive OS upgrades?

 Vendor Reliability:
 [] reasonable pricing?
 [] straightforward licensing?
 [] history of profitability?
 [] accounting irregularities?
 [] VC funded?
 [] long-term product support (unlike NA's pgp)?
 [] history of vulnerabilities?
 [] timely bug fixes?

 ...


_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards