Subject: RE: 3Com / Checkpoint strength comparison
From: Jesus Gonzalez (jgonzaleznccf.org)
Date: Mon Oct 23 2000 - 16:30:30 CDT


Another thing I would add is that I've seen these appliances slow things
down a bit. I can't really tell why, but there seems to be some initial
latency that didn't exist before. I would imagine that a small 20 person
office wouldn't notice it too much, and maybe I wouldn't either if I wasn't
so darned anal about my connection speeds. These things just bother me, and
with no explanation, all the more.

  -Jesus

-----Original Message-----
From: Frederick M Avolio [mailto:fredavolio.com]
Sent: Thursday, October 19, 2000 10:19 AM
To: Geoff Bonallack; List: Firewall
Subject: Re: 3Com / Checkpoint strength comparison

>We have a couple of options, one being a cheap all-in-one box (3Com
>Officeconnect Internet Firewall DMZ), the other being a more expensive (by a
>factor of 4) hardware / software combination (Checkpoint VPN-1 with a PDS
>2100).
>
>My question is, does anyone have a compelling reason to go with the Checkpoint
>VPN-1 solution vs the very cheap, all-in-one 3Com solution? I can't find
>enough product literature to know whether the 3Com box supports everything we
>need; it doesn't seem to be application-level at all, but just stateful IP
>inspection. I don't want to lock us into a solution that will crimp our
>network, and which will prevent us getting the security and outside access we
>need.

Three comments:

1. Is it really stateful inspection? I've known so-called stateful
inspection firewalls that were really dynamic packet filters. There *is* a
difference.

2. There are many other small office solutions out there, some of
which are certified against test criteria (Checkmark or ICSA
certification). I think it is a useful benchmark and, all else being equal,
I'd pick a SOHO appliance that was certified over one that was not.

3. Look at the product's security architecture. How is the box itself
protected? Not everyone can produce a firewall, marketplace to the contrary.

Fred
Avolio Consulting, Inc.
16228 Frederick Road, PO Box 609, Lisbon, MD 21765, US
+1 410-309-6910 (voice) +1 410-309-6911 (fax)
http://www.avolio.com/

-
[To unsubscribe, send mail to majordomolists.gnac.net with
"unsubscribe firewalls" in the body of the message.]