"Schlipp, Martin" wrote:
>
> Some aspects I already found:
>
> - FW-1 (NT only) has a security hole (nmap) (Issue 6/99 Network
> Computing). Is there a patch ?
There's no reference to this article on their Web site, but if it's what
I think it is (FW-1 on NT crashes), NC should get their facts straight.
I've exchanged e-mail with the original German writer who "broke" this
story. Not only is he getting sued for his commentary, he seems to be
unable to produce anyone who can confirm the issue.
> - Checkpoint takes almost twice the price than Axent does !
A pair of wire cutters will only run you $2. This does not make it the
*best* firewall choice. ;)
> - Checkpoint does not Offer a Trial Version anymore.
Not sure what's up with this either, but your reseller should still be
able to get you an eval of 3.0b. There are some missing features, but
the look/feel/functionality is the same.
> - Checkpoint offers lots of already created Services, while Raptor
> have to be defined by hand.
It's that "filtering firewall vs. proxy" thing. I would not consider this
a black mark against Raptor because you are talking two different
technologies.
> - No Static NAT at Raptor FW and no Virusscan.
Raptor does PAT, which is fine for single instances of a service but a
pain if you are running multiple. For example FW-1 would allow you to
have as many Real Audio servers as you have address space for, Raptor
would only allow you to have one.
> Some aspects I didn't find an answer yet:
>
> - We are growing, so what happens if over-licensing takes place?
> Is there a security problem? I've heard a rumor that Raptor does a 3 day
> lease for every free IP? What does Checkpoint do?
Once you exceed your quantity of protected hosts, any new hosts will not
be allowed through the firewall. In other words, connectivity may be
compromised but not security.
> - Has anybody used DCOM with these two firewall ? I should do this,
> and Microsoft stated Raptor might have a problem using DCOM ?
I have not checked, but I don't think FW-1 v4 handles DCOM properly. In
fact, I'm not sure _any_ firewall knows how to handle DCOM. Part of the
problem is that MS can not even settle on a single transport. Win9x uses
UDP while WinNT uses TCP. Add to that the ever changing port numbers and
DCOM is a firewall's nightmare. I would plan on setting the appropriate
registry hacks no matter what firewall product you go with.
Cheers,
Chris
--
**************************************
[EMAIL PROTECTED]
* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet