> We are evaluating Checkpoint's Firewall 1. The OS of preference would be Sun's
> Solaris. I have read nothing about how the Solaris OS kernel should be hardened,
> either by the vendor or by us. Is this not required. Currently our existing
> firewall is running on a hardened SCO box that was certified by the vendor. I
>
Certified for what? Certifications are (IMO) placebos. The real test of
the box is how it is used, configured and maintained; not a vendor's
"certification". If I don't fully understand what they are certifying,
or they can't explain it fully, then chances are even if it is secure it
won't be for long (and the original chances aren't all that good in my
opinion).
As for hardening Solaris, there are a few nice guiidelines, though they
can also be applied to other flavors of UNIX.
There are some decent FW1 resources at:
http://www.enteract.com/~lspitz/papers.html
http://www.phoneboy.com
> understand that Firewall-1 has in access of 50% of the market, but from the very
> limited access I have had with the product I don't see that much of an
> advantage. Also, any comments on their support would be appreciated...thanks in
> advance...Jerry
>
Advantage over what? To be used for what? If you have a very simple user
base and need a one way mirror setup (mostly browsing) then by all means
jump all over a proxy based firewall. If you need flexibility and a the
support of a large user base, the FW1 is worth your time to seriously
examine.
I was originally a proxy bigot, and commiserated several months before
deciding on FW1. That doesn't mean its the right product for you, just
that it can take some time to really pick the product that fits your
needs.
As for support, I don't deal with Checkpoint, they're too big to be
useful. I've had decent luck using Netrex for sales, support and some
professional services (http://www.netrex.com)
Regards,
Dave Elfering
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
