Firewall Wizards mailing list archives

Re: firewall-wizards digest, Vol 1 #329 - 3 msgs


From: Bill Van Emburg <bve () quadrix com>
Date: Mon, 20 Aug 2001 23:40:01 -0400

From: Gene De Libero <gene () sne com>
Subject: [fw-wiz] WatchGuard Firebox Info

Hi, Group.

Does anyone have any experience with these boxes? I'm trying to get
feedback before making a purchase. I'm also looking at Nokia
IP330/CheckPoint. I've used both the WatchGuard and Nokia products, but
wonder what other people's experiences have been like.


Yes, I really like WatchGuard Fireboxes a lot.  They are probably the
best cross I've found between security, price and functionality.  They
are particularly well-suited for firewalling a company's internal
network, due to the built-in proxies, especially the ability to filter
specific MIME types in HTTP and SMTP traffic.  They support VPNs and are
easy to configure.  In some ways, they are more functional than
Checkpoint, and I think the implementation is cleaner.  They certainly
are much cheaper.

On the downside, when you download a new config to them, they have to
reboot.  This is a real hassle!  Also, the enterprise configuration
software is very expensive.  The regular configuration software is good
enough for most purposes, though.  I've implemented these boxes for a
number of clients.  I would almost always choose WatchGuard over
Checkpoint.

Another good firewall to consider is Netscreen, which is mentioned in
some other posts to this list recently.  Also a pretty good firewall,
but younger than WatchGuard, and lacking the proxies.  Netscreen's
advantage is very high throughput -- it will handle more traffic than
WatchGuard, Checkpoint, or pretty much anyone else.  Its management
interface is consistent across the entire product line.  Its form
factor is great for data centers -- just 1U!  Its functionality is
quite similar to Checkpoint -- it's also a packet filter.  The only
thing Checkpoint has on almost everyone else (except for a few free
firewall tools I've seen) is truly stateful packet filtering.  (By this
I mean things like only allowing the reply packet to a DNS query, and
blocking other DNS packets coming inbound.)

By way of disclosure, I have sold, installed and maintained all three of
these firewalls, but I do not work for any of these companies.  My
company is in the business of finding the right solution for our
customers, then implementing and maintaining it on an ongoing basis. 
Remember, different solutions may be more appropriate for different
customers!
-- 

                                     -- Bill Van Emburg
                                        Quadrix Solutions, Inc.
                                        (mailto:bve () quadrix com)
                                        (http://quadrix.com)
                                        The eBusiness Solutions Company