Security Basics mailing list archives

Re: Firewall recommendations?


From: "Ivan Coric" <ivan.coric () workcoverqld com au>
Date: Sat, 08 Mar 2003 12:42:39 +1000

Hi,
I have exposure to all the FW products you have listed in a commercial
environment. One that you have missed, and really should consider, is
Netscreen. http://www.netscreen.com/main.html

I, personally, would use ISA as a proxy, only a proxy, sitting behind a
firewall of some sort.

- CheckPoint - big $$, need to really know what you're doing when
configuring. I like it
- Cisco PIX - do you know Cisco command line? If not, forget it. The GUI
is an afterthought and you cannot configure everything from the GUI
- Netscreen - easy configuration, reasonably priced, great features
- Linux ipchains - is a packet filter, use iptables, it's stateful. You
really need to know what you're doing with this, it's no easy task, but it's
free!

If you want any further info contact me off list

cheers


Ivan Coric
IT Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07) 30066424
Email: ivan.coric () workcoverqld com au

<rdusek () myway com> 03/07/03 06:04am >>>


I am in charge of researching a firewall to replace what we currently
have. At my previous job I had used Microsoft ISA in a low-security
environment, and was happy with its features, and its integration with
the Windows environment there. However, at my current job, security is
a much greater concern, and I have to admit, I am somewhat uneasy running
a Microsoft firewall product on top of a Microsoft OS. We also had
investigated Checkpoint as well as Cisco Pix, and found that for our
needs, the Pix at least seemed to need _many_ separate components for
the same functionality. My question is what are your experiences with using
ISA from a security standpoint? Usability issues? From the Mac end? Or
would we be better off pursuing the Checkpoint or the Pix solution? We
also plan on implementing VPN over whatever we choose, so if you
recommend something other than these, it should support at least PPTP
and perhaps eventually IPSec/L2TP. We have also considered placing ISA
behind a Linux (or BSD) IP Chains firewall and our perimeter network to
block some of the traffic from getting to ISA. Any comments here?
Thanks to everybody in advance!




