You do need the Lucent Security Management Server software to
configure and administrate the brick. I'm not sure how many bricks
the initial license is good for, five comes to mind, but you only have
to purchase "an upgrade" for additional units. The management
software is one of the brick's stronger points. It is relatively easy
to use and will remotely manage an outrageous number of bricks
(somethng like 250). Additionally, it will also manage Lucent's
receiently aquired line of Ascend routers (now called Pipe Line and
Super Pipe routers), allowing you to create VPN tunnel-end-points for
remote LAN connections. You can also get pretty detailed in
administrator rights, creating admin's for just some of the bricks,
and even policy zone administrators for specific rule sets. It runs
on either NT or Solaris.
VPN is another of the brick's strengths. Lucent bills it as "the most
compliant" to the IPSec standard, and my experience with the brick
agrees. With an accelerator card the brick is supposed to handle
about 5000 endpoints, though I haven't personally pushed one past a
couple of hundred. The Lucent VPN client (now up to v3.0) only runs
on Windows products, but outside of clicking to initiatie the
connection is seemless for even the most technically challanged user.
There are third party clients around, and the brick will IKE it up
with CP FW-1 which can come in handy for LAN to LAN tunnels.
Hmm, the 515-UR's I've used seem smaller than 2U, at least a PIX and
two Cat 2924's take up less space than a brick, and the Cisco's are
all the same size. Which reminds me of where the brick needs some
serrious help. Routing. Matter of fact it needs a router in front of
and behind it to function properly in anything other than the simplest
network topology.
Glenn
>>> Martin <[EMAIL PROTECTED]> writes:
Martin> What REALLY scared me away from the Brick was that (At least according
Martin> to Lucent salespeople) you HAD to buy their software to configure, and
Martin> even more of a worry, you HAVE to buy an ADDITIONAL software package
Martin> (which I could not get them to price out for me) for failover support.
Martin> If it costs as much as the management software, then that puts you to
Martin> over double the cost of going with the PIX-515-UR. The fact that cisco
Martin> will sell you a failover unit for $3300 is a pretty significant push
Martin> away from Lucent. The LVG-201 is supposed to have decent VPN support,
Martin> but I have no experience with it (comments?) so I can't speak there. I'm
Martin> also not too worried about VPN support at my site, so I haven't done all
Martin> the research there, either.
Martin> Anyway, IMO if the Brick has something you need, buy the Brick. If not,
Martin> get a PIX, or something else entirely. The PIX-515 is also a 2U box
Martin> where the Brick is 4U, so assuming you use a 4U box to manage the bricks
Martin> (which should be done by a dedicated machine with disk mirroring and
Martin> redundant power) you're using 12U where you could be using 4U, since the
Martin> PIX can be managed quite well via a telnet connection.
--
Glenn Shiffer [EMAIL PROTECTED]
__ __
/ // /___ (_)__ __ Systems
/ // // _ \ / /\ \/ / Consulting
\_,_//_//_//_/ /_/\_\... Network Design
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
