[unisog] Firewalls

Steve Bernard sbernard at gmu.edu
Wed Oct 30 21:06:22 GMT 2002


I'd say it depends on what your overall goal is and how extensively you
plan to roll firewalls out. Netscreen has really cool virtual systems
support, but their enterprise management product isn't great and, as of 4
months ago, was 2 or 3 releases behind the operating code that runs on their
devices. In other words, the enterprise management package (Global PRO),
which isn't cheap and requires an additional Oracle database server
(procured separately), supports, for example, all of the features of their
Secure OS version 3.1, but their enterprise level boxes which have the
capacity and features that are required for LANs and big WAN pipes, use
version 4.x. (Version numbers are a rough estimation). Therefore you can
only manage some of the features on the big boxes using the "enterprise"
management server. The rest must be configured individually using the CLI.
The product seemed geared towards managing a large number of their smaller
SOHO and commuter devices rather than the enterprise/ISP space. They may
have changed tack in recent months.

I don't have experience using CheckPoint's VSX technology specifically, but
I do use many of their products. I can say that their SecurePlatform, which
is Linux based, does not yet support all of the features of their more
mature supported platforms. I strongly recommend using a Nokia appliance
running IPSO (BSD). I'm not sure how much the management server and policy
editor for VSX differ from their standard counterparts, but CheckPoint has
very good management and reporting tools overall. Of course they cost more
too, but CheckPoint had a 50% educational discount as of very recently.

Hope this helps,

Steve Bernard
Systems Engineer, NET
George Mason University

-----Original Message-----
From: Andrew W. Elble [mailto:aweits at discipline.rit.edu]
Sent: Wednesday, October 30, 2002 8:38 AM
To: unisog at sans.org
Subject: [unisog] Firewalls

Hi All!

  We've been spending some time looking into firewall solutions
for our data center (as well as other areas). We've been
investigating firewalls that support virtual systems and 802.1q
(Netscreen, Checkpoint VSX) - and wondered if anyone out there
has any experiences to share, or suggestions as to other
products that play in this space...?


Andrew W. Elble
aweits at discipline.rit.edu
Senior Network Engineer
Rochester Institute of Technology
PGP: BFAD 8461 4CCF DC95 DA2C B0EB 965B 082E 863E C912
