I actually found myself in a similar situation once, only it was BM2.x
which was a dog. We had some pretty severe stability problems with BM so
FW-1 was less of a hard sell. Now, if it is a Novell shop, I have to
admin BM is going to have better tie-ins to NDS, and arguing whether
stateful inspection is "better" than an application proxy will rapidly
degrade to a religious war. If their current solution is working exactly
they want it to, there may be no realy reason to switch, and have the
opportunity to build your skillset with another product. The site-to-site
VPN is not terrible, like you say BM is cheaper, it's already in place,
and if the only reason you want to switch is because you are more familiar
with FW-1, I think you may lose the battle. I am not particularly fond of
Novell's propensity to "bend the facts" in some cases, but I give them far
more credit for honesty than I do Microsoft.
Unfortunately for you BM3.5 really is a decent product. If they were
using 2.1 then I would be able to give you plenty of ammmo, but as it
stands... I would look at the site's needs and compare the two products
based on those needs. It sounds like site to site VPN is a requirement.
Well, they have it. If transparent authentication to the firewall for web
access is required so users don't have to login again to surf, yet you are
still able to track by username instead of IP address in a DHCP
environment, FW-1 can't do that... BM3.x can. If however they want client
VPN, with FW-1 you get SecuRemote, and I do not think you get something
like that with BM (though I am not thouroughly versed with v.3.5 of the
product). If you create a matrix of need vs. availability vs. expense of
implementatin you will have a better idea of how to proceed.
Carric Dooley CNE
COM2:Interactive Media
http://www.com2usa.com
"Luck is the residue of design."
- Branch Rickey - former owner of the Brooklyn Dodger Baseball Team
On Wed, 27 Oct 1999, James Paterson wrote:
> I was wondering if anyone had any thoughts or an idea where I can find some real
>world comparisons between the 2. We have just merged with a firm that uses Border
>Manager for their firewall, and Iam using Checkpoint and have for years.
>
> Iam trying to find some reasons that non-technical management will understand for
>using Checkpoint to connect the two office rather than Border Manager, as Border
>Manager is a lot cheaper. Try explaining statefull inspection to a MBA.
>
> They respective companies websites are not helpfull, as checkpoint has nothing on
>comparisons, and the Novell comparision is just plain wrong. (according to Novell,
>Checkpoint doesn't even support gopher as a service).
>
> Any leads / tips on this oranges to apples comparison would be appreciated.
>
> Regards
>
> James
>
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
