>We have a couple of options, one being a cheap all-in-one box (3Com
>Officeconnect Internet Firewall DMZ), the other being a more expensive (by a
>factor of 4) hardware / software combination (Checkpoint VPN-1 with a PDS
>2100).
>
>My question is, does anyone have a compelling reason to go with the Checkpoint
>VPN-1 solution vs the very cheap, all-in-one 3Com solution? I can't find
>enough product literature to know whether the 3Com box supports everything we
>need; it doesn't seem to be application-level at all, but just stateful IP
>inspection. I don't want to lock us into a solution that will crimp our
>network, and which will prevent us getting the security and outside access we
>need.
Three comments:
1. Is it really stateful inspection? I've known so-called stateful
inspection firewalls that were really dynamic packet filters. There *is* a
difference.
2. There are many other other small office solutions out there, some of
which are certified against test criteria (Checkmark or ICSA
certification). I think it is a useful benchmark and, all else being equal,
I'd pick a SOHO appliance that was certified over one that was not.
3. Look at the products security architecture. How is the box itself
protected? Not everyone can produce a firewall, marketplace to the contrary.
Fred
Avolio Consulting, Inc.
16228 Frederick Road, PO Box 609, Lisbon, MD 21765, US
+1 410-309-6910 (voice) +1 410-309-6911 (fax)
http://www.avolio.com/
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
