Firewall Wizards mailing list archives
Re: firewall-wizards digest, Vol 1 #329 - 3 msgs
From: Bill Van Emburg <bve () quadrix com>
Date: Mon, 20 Aug 2001 23:40:01 -0400
From: Gene De Libero <gene () sne com> Subject: [fw-wiz] WatchGuard Firebox Info Hi, Group. Does anyone have any experience with these boxes? I'm trying to get feedback before making a purchase. I'm also looking at Nokia IP330/CheckPoint. I've used both the WatchGuard and Nokia products, but wonder what other people's experiences have been like.
Yes, I really like WatchGuard Fireboxes a lot. They are probably the best cross I've found between security, price and functionality. They are particularly well-suited for firewalling a company's internal network, due to the built in proxies, especially the ability to filter specific MIME types in HTTP and SMTP traffic. They support VPNs and are easy to configure. In some ways, they are more functional than Checkpoint, and I think the implemetation is cleaner. They certainly are much cheaper. On the downside, when you download a new config to them, they have to reboot. This is a real hassle! Also, the enterprise configuration software is very expensive. The regular configuration software is good enough for most purposes, though. I've implemented these boxes for a number of clients. I would almost always choose WatchGuard over Checkpoint. Another good firewall to consider is Netscreen, which is mentioned in some other posts to this list recently. Also a pretty good firewall, but younger than WatchGuard, and lacking the proxies. Netscreen's advantage is very high throughput -- it will handle more traffic than WatchGuard, Checkpoint, or pretty much anyone else. It's management interface is consistent across the entire product line. It's form factor is great for data centers -- just 1U! It's functionality is quite similar to Checkpoint -- it's also a packet filter. The only thing Checkpoint has on almost everyone else (except for a few free firewall tools I've seen) is truely stateful packet filtering. (By this I mean things like only allowing the reply packet to a DNS query, and blocking other DNS packets coming inbound.) By way of disclosure, I have sold, installed and maintained all three of these firewalls, but I do not work for any of these companies. My company is in the business of finding the right solution for our customers, then implementing and maintaining it on an ongoing basis. Remember, different solutions may be more appropriate for different customers! -- -- Bill Van Emburg Quadrix Solutions, Inc. (mailto:bve () quadrix com) (http://quadrix.com) The eBusiness Solutions Company _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: firewall-wizards digest, Vol 1 #329 - 3 msgs Bill Van Emburg (Aug 22)