It really depends on what your needs are. Gauntlet and Firewall-1 have a
different design. Gauntlet acts as an application gateway and Firewall-1 uses
stateful inspection, which is extended packet filtering.
To compare the two different architectures you simply use the following
example:
With Firewall-1 you are driving on a highway. If you reach the border, you
have to show your passport and you can pass in the same car.
With Gauntlet you are driving on the highway too. If you reach the border,
you have to leave your car, get your personal stuff, walk to another car on
the other side of the border and continue your way with the new car.
So, with Firewall-1, if you need a new service, you simply open the gate and
the packets can pass. With Gauntlet you need a piece of software, which
relays your packets.
Older versions of application gateways needed adapted clients, because you
had to connect to the application gateway first. This gave Firewall-1 a
certain advantage, because there you had no need to change your clients. Your
packets were just routed through the firewall. In newer versions of Gauntlet
using transparent proxies, it is similar to stateful inspection.
The security add-ons you mention are not really advantages in my opinion.
Intrusion detection is not so simple that you can simply go through the log
files of the firewall. There you only find the entries with no success. Of
course you can log every packet, but somehow you have to analyze the data.
For intrusion detection you really need to harden and observe the operating
systems and logs of all your applications of all systems involved in the
Internet connection.
You stated, Firewall-1 has 40% market share. Market share is never a quality
issue. It is just an indication that people make no decisions. If you have it,
then I buy it too.
To decide which one is better, you need to do a risk assessment to find out
what you really need.
To find a comparison of stateful inspection and application gateways, read:
http://www.nai.com/products/security/prodserv/gauntlet/firewallcomp.asp
Jim Comen <[EMAIL PROTECTED]> writes:
> I'm trying to determine what the best OS for my site would be. I've
> narrowed my choices to Firewall-1 from Checkpoint and Gauntlet from Network
> Associates. I've looked through various product reviews but it seems that,
> for whatever reason, none of the firewall reviews include both products.
>
> If this is any indication of usage, I've seen more posts regarding
> Firewall-1 than Gauntlet. (I recall reading that Firewall-1 has something
> like 40% of the firewall market). Both products seem to do a very good job,
> albeit using different methods although they're heading for some convergence
> (Firewall-1 seems to be adding proxies while Gauntlet is adding dynamic
> filtering).
>
> Firewall-1 has better performance (although the adaptive proxy feature of
> Gauntlet should close the performance gap). Firewall-1 has more choices for
> security add-ons (virus scanning, intrusion detection, etc) while, at least
> from the literature, Gauntlet seems to have their basic Gauntlet Active
> Firewall better integrated as a single unit.
>
> We're a small site with less than 50 nodes so performance probably won't be
> an issue. I value ease of configuration and management as this is the area
> which I am most concerned about (The cybercop monitor feature of Gauntlet
> sure looks good here).
>
> Can anyone provide either opinions of the two, comparisons of the two, or
> real world experiences with them?
have fun ...
--
=========================================================================
Peter Bruderer mailto:[EMAIL PROTECTED]
Bruderer Research GmbH Tel ++41 52 620 26 53
Internet Security Services Fax ++41 52 620 26 54
CH-8200 Schaffhausen http://www.bruderer-research.com
=========================================================================