Hi Neil,
On 23 Jun 99, at 17:01, Neil Lehrer wrote:
>
>
> hi,
>
> i would like to hear from people with real world experiences on the
> lucent managed firewall and/or the nokia ip security router/firewall.
We use the Lucent Managed Firewall 3.0i and also have some customers
using it.
It's a very tight and clever piece of "network security appliance". Up to
now, we haven't discovered any flaws or bugs with the Brick device
itself. Also the Software, the SMS, is working very well. With stress
tests, we measured 45Mbps throughput on our Brick, not bad for dynamic
stateful inspection.
NAT and VPN are also included.
What we are missing: strong encryption outside U.S. ;-), more debug tools
for power users on the Brick itself (which may break security, I know ;-).
What I really like is the concept of "Security Zones", so you no longer
think solely in "Interfaces". Zones may be deployed to several interfaces
(the Brick has 4x 100BT), and more than one zone may be put on one
interface. Also, you may deploy your security zones over more than one
Brick. And each zone can have its own security administrator, with only
admin rights for his zone, without compromising other zones.
What I also like is the Brick itself, based on the operating system
"Inferno". It's small and cute, and you don't need a power OS like
Solaris, NT or else just for the network appliance.
Also the Brick is a bridge-level device (but not like "Galloping Gertie"
;-)...
Up to now, we couldn't break it. Of course, your overall security is that
of every Firewall implementation with "Dynamic Stateful
Inspection"...with wrong security policies or misconfigured filtering
rules, you are vulnerable. But this is not the product's fault, but that
of the Gatekeeper (that's what I call the security admin ;-)
The Nokia product may have comparable features, because it's based on a
light OS. The software is Checkpoint FW-1. I personally don�t like it,
but accept its market share.
Generally speaking: I prefer dedicated network security appliances with a
small, lean, and secure OS, and with separated auditing and
administration servers...
Kind Regards / Mit freundlichen Gruessen,
--
Frank M. Heinzius MMS Communication AG
mailto:[EMAIL PROTECTED] Eiffestrasse 598
http://www.mms.de 20537 Hamburg, Germany
Phone: +49 40 211105-40 Fax: +49 40 210 32 210
-- spam forbidden -- -- PGP key available --