Gauntlet End-Of-Support?

[dfoley <dfoley () fltg net>]

Foley, Denys wrote:

> Message: 5
> Date: Wed, 19 Jan 2005 20:31:03 -0600
> From: Kevin <kkadow () gmail com>
> Reply-To: Kevin <kkadow () gmail com>
> To: kkadow () msg net
> Subject: [fw-wiz] Gauntlet End-Of-Support?
>
> According to Secure Computing's web site, the "End-Of-Life" data for
> the Gauntlet 6.0 firewall was 12/31/2004:
>    http://www.securecomputing.com/index.cfm?sKey=1312#gauntlet
>
> I've seen Gauntlet support contracts terminating as far out as April
> 1st, 2005, can anybody report success in persuading SCC to extend
> support beyond spring of this year?
>
> Migrating to another hardware and software platform is not a trivial
> task.  Though we've known this was coming since February of 2002, I
> still have several applications which have worked for years through
> successive versions of Gauntlet, but die (immediately, or after
> several hours) when the firewall is replaced with a Sidewinder G2.
>
> Of these applications, the most visible to management is the Bloomberg
> terminal service;  to their credit SCC has provided us with yet
> another patch to try, but after multiple failures it's becoming very
> difficult (politically) to schedule Bloomberg "maintenance" windows.
>
> Aside from my personal interest in firewalling financial services,
> there is other research specifically suggesting that there is risk in
> not implementing strong security around Bloomberg specifically, and
> data service vendors in general:
>    http://www.frontgatesystems.com/middleframe18.htm
>
> Thanks,
>
> Kevin Kadow
>
> --__--__--
>
> Message: 6
> Date: Thu, 20 Jan 2005 12:57:41 -0800
> From: "Matt Bazan" <Mbazan () onelegal com>
> To: <firewall-wizards () honor icsalabs com>
> Subject: [fw-wiz] Once again..appliance firewall input requested
>
> Ok <takes deep breath>..I may be in need of a replacement solution for
> our current firewall appliances (two NetScreen 50s running in an active
> / passive high availability solution).  For reasons I won't get into (NS
> being purchased by Juniper?) my trust in these units has been badly
> eroded.  I'd like input on what people are using and their satisfaction
> levels with them.
>
> Our requirements:
>
>         1) We run a rapidly growing 24X7 web presence.  As our Internet
> uplink is 4Mb (ok, this will soon be going up..but only by a couple
> Mb..) we don't need a beefy packet pushing device.=20
>         2) We have 25 or so inbound NATs.  I like to have 'granular'
> control over source and dest NAT.  By this I mean being able to split
> these features based upon traffic flow and not having to create the
> typical bi-directional NAT mapping.
>         3) Need for 20 or so box-to-box VPNs.  Auto key and manual key
> with the usual VPN flavors
>         4) The basic requirements for setting policy based access (blah
> blah)
>         5) 3 interfaces (4 ideal)
>         6) High availability solution
>         6) Static routing only
>         7) Intuitive web gui
>         8) 'Robust' command line feature set
>         9) Detailed reporting
>         10) Configuration flexibility a must.  I'll leave this to your
> imagination.
>         11) Something I can setup and it will *work* *work* *work*
>         12) I'm sure there's more I'm forgetting but I'm suffering from
> NetScreen induced sleep deprivation and am tired of typing.
>         13) <=3D$15K for pair of units
>
> Thanks for the input!
>
>  
We went through this same exercise three years ago when Gauntlet was 
first bought out by NSS. 
We already had  PIX and Checkpoint along with the Gauntlets.  We decided 
to standardize on a
single architecture at that time with a very similar set of requirements 
that you have.
We added central management of all our firewalls and central logging and 
alerts and VPN capability.

What we ended doing was scrapping everything and replacing it with 
StoneGate and now manage 25 firewalls from one console.
They put Firewall, VPN and IDS/IPS into a single management console with 
a log viewer .  It generates reports that management and clients love.
The firewalls cluster right out of the box and load balance instead of 
just fail over.  Add in a content switch for server pools and the 
ability to load balance ISP's for high availability and you get a 
product that  delivers more than it claims.

Denys Foley





_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards