Firewall Wizards mailing list archives

Re: Opinions wanted...


From: Dave Piscitello <dave () corecom com>
Date: Fri, 23 Nov 2007 18:06:33 -0500

We might be able to offer better insights if we understood why you were replacing your current firewalls.

Tim's comment re: common server platform is a good example of one motivation. In his situation, he's (presumably) confident that his server team can secure the underlying platform as well as an appliance solution (claims to) secure its product. Your motivation might be performance, issues with feature set of proxies, desire for an application level security feature you currently don't have, IPv6 support, etc.

Nothing against VARs, but I would trust a security decision to security professionals. If the VAR has some and they can provide a security basis to support their recommendation, terrific. If not, then money may be the motive and that's not always the best motive where security comes into play.

I'd suggest you sit with your security team and anyone in your company who might have some insight into long term business objectives that will influence security requirements (e.g., VOIP). Identify the security objectives the current firewall cannot satisfy. Identify any new security objectives you expect you'll need to satisfy for whatever "business horizon" you can see.

Use the list you come up with rather than a VAR's recommendation or even the well-intentioned suggestions from posters here. Fact is, you probably shouldn't share all the security requirements that might help us help you choose the most appropriate firewall on a mailing list anyway :-)

Timothy Shea wrote:
IMHO - if you haven't used either platform before and only 3 firewalls - either solution will require an equal amount of training to understand and my guess is that the VAR who is recommending against checkpoint will make more money if you buy checkpoint versus sidewinder.

That being said - for your type of application I would lean toward CheckPoint Secure Platform (SPLAT) versus Sidewinder or Checkpoint running on Nokia and my reasoning is that I can normally use whatever hardware platform my server teams support versus buying an all-in-one appliance solution (Checkpoint Nokia, Sidewinder).

t.s

On Nov 21, 2007, at 10:40 AM, Kurt Buff wrote:

All,

I've been working with Watchguards at my current employer for quite a
while, but we're looking to replace them.

We've received a recommendation from one firm for Sidewinders (a 410
and a couple of 110s for the branch offices).

We've received a recommendation against the Sidewinders from another
firm saying that they are too complex to manage easily, and require
extensive training to understand - they recommend Checkpoint instead.

Neither seems to be completely out of our price range, so it would
seem to come down to concerns regarding initial implementation and
ongoing management.

Are the Sidewinders that much more complex than Checkpoints?

Is one "better" (for whatever that might mean to you) than the other -
that is, if you have experience with both, which would you prefer, and
why?

I, of course, am excited to be learning a new platform, and want to
move away from some of the quirkiness of the ancient Fireboxes we
have, but want to make a reasonable recommendation to management.


Thanks,

Kurt
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
