Firewall Wizards mailing list archives
Re: Opinions wanted...
From: Dave Piscitello <dave () corecom com>
Date: Fri, 23 Nov 2007 18:06:33 -0500
We might be able to offer better insights if we understood why you were replacing your current firewalls.
Tim's comment re: common server platform is a good example of one motivation. In his situation, he's (presumably) confident that his server team can secure the underlying platform as well as an appliance solution (claims to) secure its product. Your motivation might be performance, issues with feature set of proxies, desire for an application level security feature you currently don't have, IPv6 support, etc.
Nothing against VARs, but I would trust a security decision to security professionals. If the VAR has some and they can provide a security basis to support their recommendation, terrific. If not, then money may be the motive and that's not always the best motive where security comes into play.
I'd suggest you sit with your security team and anyone in your company who might have some insight into long term business objectives that will influence security requirements (e.g., VOIP). Identify the security objectives the current firewall cannot satisfy. Identify any new security objectives you expect you'll need to satisfy for whatever "business horizon" you can see.
Use the list you come up with rather than a VAR's recommendation or even the well-intentioned suggestions from posters here. Fact is, you probably shouldn't share all the security requirements that might help us help you choose the most appropriate firewall on a mailing list anyway:-)
Timothy Shea wrote:
IMHO - if you haven't used either platform before and only 3 firewalls - either solution will require an equal amount of training to understand and my guess is that the VAR who is recommending against checkpoint will make more money if you buy checkpoint versus sidewinder.That being said - for your type of application I would lean toward CheckPoint Secure Platform (SPLAT) versus Sidewinder or Checkpoint running on Nokia and my reasoning is that I can normally use what ever hardware platform my server teams support versus buying an all in one appliance solution (checkpoint nokia, sidewinder).t.s On Nov 21, 2007, at 10:40 AM, Kurt Buff wrote:All, I've been working with Watchguards at my current employer for quite a while, but we're looking to replace them. We've received a recommendation from one firm for Sidewinders (a 410 and a couple of 110s for the branch offices). We've received a recommendation against the Sidewinders from another firm saying that they are too complex to manage easily, and require extensive training to understand - they recommend Checkpoint instead. Neither seems to be completely out of our price range, so it would seem to come down to concerns regarding initial implementation and ongoing management. Are the Sidewinders that much more complex than Checkpoints? Is one "better" (for whatever that might mean to you) than the other - that is, if you have experience with both, which would you prefer, and why? I, of course, am excited to be learning a new platform, and want to move away from some of the quirkiness of the ancient Fireboxes we have, but want to make a reasonable recommendation to management. Thanks, Kurt _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Attachment:
dave.vcf
Description:
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Opinions wanted... Kurt Buff (Nov 23)
- Re: Opinions wanted... Timothy Shea (Nov 23)
- Re: Opinions wanted... Dave Piscitello (Nov 23)
- Re: Opinions wanted... Kurt Buff (Nov 25)
- Re: Opinions wanted... Kurt Buff (Nov 25)
- Re: Opinions wanted... dlang (Nov 25)
- Re: Opinions wanted... Dave Piscitello (Nov 23)
- Re: Opinions wanted... ArkanoiD (Nov 25)
- Re: Opinions wanted... Kurt Buff (Nov 25)
- Re: Opinions wanted... Chris Blask (Nov 25)
- Re: Opinions wanted... Cat Okita (Nov 25)
- Re: Opinions wanted... Kurt Buff (Nov 25)
- <Possible follow-ups>
- Re: Opinions wanted... dlang (Nov 26)
- Re: Opinions wanted... Timothy Shea (Nov 23)