Re: Opinions wanted...

["Kurt Buff" <kurt.buff () gmail com>]

On Nov 24, 2007 6:29 AM, ArkanoiD <ark () eltex net> wrote:
> Because firewall *IS* complex thing to operate.

Of course. As I tell people all the time - Computers are the most
complex things ever devised by mankind, and if you expect to be able
to use them at all effectively without learning a ton, you're setting
yourself up for failure and frustration.

> If you stick to
> "reasonable heuristics and defaults" as Checkpoint offers,
> your firewall is just not operated at all as its configuration
> does represent Checkpoint's view on network security policy, not
> yours. That's why i always say "if Checkpoint is ok for you,
> better get training or outsource your firewall administration
> completely". There are too many configuration issues that are
> far from being transparent and if you care exactly WHAT does
> your firewall do Checkpoint is extremely hard to operate.

Indeed. I'm hoping that my company will get the money together for
training, though if necessary I'll study it on my own - whichever way
it goes, I'll have good experience, and will learn what the company is
willing to invest in keeping me once having learned  - the more they
pay for training, the more I'm willing to stay.

The question is more about the differential between Checkpoint and
Sidewinder than any absolute measure of complexity.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards