I would put the FW-1 on the Internet perimeter ahead of a DMZ segment and the Raptor
between DMZ and internal.
The reasons for this is that FW-1 is faster but doesn't have a large number of
proxies so it can only protect against HTTP/FTP attacks beyond packet based defence.
The Raptor is slower but more complete in its proxying so it is better for
protecting internal users using services like NNTP, SMTP, Netbios etc.
If Raptor were first, its rules would be complicated in allowing tuff only to DMZ but
not through FW-1. FW-1 would be fairly redundant since it wouldn't catch anything that
Raptor had not.
Raptormobile is less mature than Secure Remote and really only works well with
Raptor firewall. Secure Remote is more compatible with other VPN servers.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Dieter Sarrazyn
Sent: Thursday, February 01, 2001 04:58
To: [EMAIL PROTECTED]
Subject: combination of fw-1 and raptor firewall
Hi,
I have some questions concerning the combination of a checkpoint fw-1
and a raptor firewall.
1. How would you place the firewalls? First the raptor (and why) or
first the checkpoint (and why)?
2. What are the advantages of each setup?
3. Which VPN -client would you use for each setup? The securemote client
or the raptormobile client?
Many thanks for all the response!!
regards,
Dieter Sarrazyn
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
