Firewall Wizards mailing list archives
RE: OT: vendors please respond
From: "Robert L. Wanamaker" <rlw () avantsystems com>
Date: Fri, 26 Sep 2003 13:28:32 -0400
But what about Microsoft ISA Server? [Sorry, couldn't resist in the context of the @Stake event] -----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Paul Robertson Sent: Friday, September 26, 2003 11:10 AM To: admin security Mehta Cc: firewall-wizards () honor icsalabs com Subject: Re: [fw-wiz] OT: vendors please respond On 26 Sep 2003, admin security Mehta wrote:
Greetings all,
[Vendors can respond directly to the queryant, as can the legeons of faithful for $freeware products. I'll entertain interesting threads for the community on-list only.]
My company is looking for security devices for its network of branches. I posted this mail here because I need experts choice. I was in doubt whether my earlier mail is posted or not so I subscribed for this mailing list to post my query.
I've seen somewhere north of 65 different commercial firewall products up at ICSA Labs soaking up power. If there was a single firewall that was the firewall of choice, the market wouldn't support more than about 4 products.
We are looking into the following features: -stateful inspection firewall
Stateful inspection is a trademark, and limits you to two choices. You need to start with a security policy and decide which technologies support the protocols the business needs. Then choose the products that best encapsulate those features.
- support most used applications( ALGs)
Most ALGs don't spend their dev time well on state, and most stateful firewalls dont' spend their dev time well on ALGs. You're basically saying, "I'd like a vehicle capable of running in the GT race series, and I'd like to have it seat 60 children on their way to school!" Trying to pick a single product that does everything is doomed to mediocrity at best. You want multiple products. More importantly, you want to figure out what protocols you want to use which technologes for and *why*. You've got a shopping list of firewall buzzwords, and not much else. That's a poor way to choose a firewall.
- Powerful attack detection engine
This sounds like buzzworditis from a marketing brochure...
- VPN a) IPSec/IKE b) L2TP over IPSec to use WIN XP VPN client c) LDAP,SCEP d) Hub and spoke support
You really want a VPN solution for VPN stuff if you have requirements to support lots of different VPNs. Anything as complex as a VPN that's supporting that many protocols is bound to be full of implementation issues though, so don't think of it as part of the security infrastructure!
NOTE: My company prefers Indian based products.
Throwing geographic criteria on top of a laundry list of product criteria is likely to doom you to failure. Paul ------------------------------------------------------------------------ ----- Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- OT: vendors please respond admin security Mehta (Sep 26)
- Re: OT: vendors please respond Paul Robertson (Sep 26)
- RE: OT: vendors please respond Robert L. Wanamaker (Sep 26)
- Re: OT: vendors please respond Devdas Bhagat (Sep 26)
- Re: OT: vendors please respond Paul Robertson (Sep 26)