Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Opinions wanted...

From: "Kurt Buff" <kurt.buff () gmail com>
Date: Sun, 25 Nov 2007 12:36:10 -0800
On Nov 23, 2007 6:54 AM, Chris Blask <chris () blask org> wrote:

Hey Kurt!


<snip>


The real answer is "whatever work for you is best", but
I'll toss my opinions on the plate for what they are worth.
 Keep in mind that I don't actually manage any of these
things, so others on the list will have more tactical
thoughts than I do.


That's always the correct answer - but since I have experience with
none of them, and can't peer into the future, I'm asking questions. :)


o  Sidewinder has arguably the "best security" if you can
figure it out.  It's a true security geek's firewall,
application proxies and roots deep in US gov't use.  Still
popular afaik among military types and hard-core technical
users.

o  Checkpoint can also be as complicated as you like, but
by nature a simpler firewall with a much larger user base
and more intended for the Great Unwashed.  While I spent a
decade being their #1 competitor, I have always said that
anyone would be fine choosing them if they wanted to.

o  If you want something reliable and hard to screw up I'd
recommend PIX (call it ASA if you like), functionally much
like WG and with all the advantages of being supported by
The Borg. Your employers are much more likely to find a
replacement for you who knows Cisco inside out than someone
who knows Sidewinder, and marginally more so than CP
(whether you find that to be good or bad is your call...).

I'm rife with biases here, so take it for what it is worth.


Thanks. While I have no opinion on PIS/ASA, due to lack of experience
with them, I wonder about the cost/benefit ratio, as I've found Cisco
equipment usually rather pricier than I wanted for the value received.
And, I'm sure the VARs recommending Checkpoint and Sidewinder have
their own axes to grind as well, but for now those are the two under
consideration, and muddying the waters with Cisco is just going to
slow down the process.

Thanks for the insight.

Kurt
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: