Firewall Wizards mailing list archives
Gauntlet End-Of-Support?
From: dfoley <dfoley () fltg net>
Date: Sun, 23 Jan 2005 17:10:44 -0500
Foley, Denys wrote:
We went through this same exercise three years ago when Gauntlet was first bought out by NSS. We already had PIX and Checkpoint along with the Gauntlets. We decided to standardize on a single architecture at that time with a very similar set of requirements that you have. We added central management of all our firewalls and central logging and alerts and VPN capability.Message: 5 Date: Wed, 19 Jan 2005 20:31:03 -0600 From: Kevin <kkadow () gmail com> Reply-To: Kevin <kkadow () gmail com> To: kkadow () msg net Subject: [fw-wiz] Gauntlet End-Of-Support? According to Secure Computing's web site, the "End-Of-Life" data for the Gauntlet 6.0 firewall was 12/31/2004: http://www.securecomputing.com/index.cfm?sKey=1312#gauntlet I've seen Gauntlet support contracts terminating as far out as April 1st, 2005, can anybody report success in persuading SCC to extend support beyond spring of this year? Migrating to another hardware and software platform is not a trivial task. Though we've known this was coming since February of 2002, I still have several applications which have worked for years through successive versions of Gauntlet, but die (immediately, or after several hours) when the firewall is replaced with a Sidewinder G2. Of these applications, the most visible to management is the Bloomberg terminal service; to their credit SCC has provided us with yet another patch to try, but after multiple failures it's becoming very difficult (politically) to schedule Bloomberg "maintenance" windows. Aside from my personal interest in firewalling financial services, there is other research specifically suggesting that there is risk in not implementing strong security around Bloomberg specifically, and data service vendors in general: http://www.frontgatesystems.com/middleframe18.htm Thanks, Kevin Kadow --__--__-- Message: 6 Date: Thu, 20 Jan 2005 12:57:41 -0800 From: "Matt Bazan" <Mbazan () onelegal com> To: <firewall-wizards () honor icsalabs com> Subject: [fw-wiz] Once again..appliance firewall input requested Ok <takes deep breath>..I may be in need of a replacement solution for our current firewall appliances (two NetScreen 50s running in an active / passive high availability solution). For reasons I won't get into (NS being purchased by Juniper?) my trust in these units has been badly eroded. I'd like input on what people are using and their satisfaction levels with them. Our requirements: 1) We run a rapidly growing 24X7 web presence. As our Internet uplink is 4Mb (ok, this will soon be going up..but only by a couple Mb..) we don't need a beefy packet pushing device.=20 2) We have 25 or so inbound NATs. I like to have 'granular' control over source and dest NAT. By this I mean being able to split these features based upon traffic flow and not having to create the typical bi-directional NAT mapping. 3) Need for 20 or so box-to-box VPNs. Auto key and manual key with the usual VPN flavors 4) The basic requirements for setting policy based access (blah blah) 5) 3 interfaces (4 ideal) 6) High availability solution 6) Static routing only 7) Intuitive web gui 8) 'Robust' command line feature set 9) Detailed reporting 10) Configuration flexibility a must. I'll leave this to your imagination. 11) Something I can setup and it will *work* *work* *work* 12) I'm sure there's more I'm forgetting but I'm suffering from NetScreen induced sleep deprivation and am tired of typing. 13) <=3D$15K for pair of units Thanks for the input!
What we ended doing was scrapping everything and replacing it with StoneGate and now manage 25 firewalls from one console. They put Firewall, VPN and IDS/IPS into a single management console with a log viewer . It generates reports that management and clients love. The firewalls cluster right out of the box and load balance instead of just fail over. Add in a content switch for server pools and the ability to load balance ISP's for high availability and you get a product that delivers more than it claims.
Denys Foley _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Gauntlet End-Of-Support? Kevin (Jan 21)
- <Possible follow-ups>
- Gauntlet End-Of-Support? dfoley (Jan 24)