I have worked with it extensively, and do not quite agree with the other
comments made here about stability, but they are otherwise not far off
the mark.
I have found both the current version (3.0), and the previous (2.x), to
be very stable, once all appropriate patches were applied. I have it
running at a number of clients, and like most Novell products, I don't
hear much about them, they just keep running (except we did get calls to
the help desk at one site - people thought something was wrong because
the Internet access was SO fast).
BdrMgr is fairly secure, but the logging and altering, particularly with
regard to bad traffic (i.e., penetration attempts) is pretty poor.
Setting up packet filters is a major pain, as there is no GUI.
However, version 3 came with a number of proxies beyond just HTTP and
FTP, as well as a generic proxy which you can configure for any service.
It also provides NAT, so I don't generally have to punch many holes
thoguh it. Would be nice if it had a GUI interface.
Note that Novell is not positioning this directly against the major
firewalls, but as an adjunct - it offers TREMENDOUS caching performance,
and allows you to do granular security by User, rather than IP address,
through NDS (so you don't have to log in again to the firewall or proxy
server, and you can't defeat the access rules by moving to another
machine). I think that is why the diagrams often show it with an
existing firewall, even though it does offer equivilant security (if not
reporting). V3 also supports SOCKS, for passthrough auth. to an existing
firewall.
If you provide Internet access, then you should have a cache. If your
firewall doesn't cache, then BdrMgr will pay for itself quickly, even if
you already bought a firewall.
It also has server to server, and client to server, VPN.
Frank Pawlak wrote:
>
> Does anyone have any experience with this product? Any thoughts as to how it stacks
>up to the major players, Raptor, Gauntlet, etc?
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
