* Ken Claussen <[EMAIL PROTECTED]> [010330 16:48]:
> Can of worms is right... I have worked with both Pix and FW-1 (NT not Nokia)
Just to clarify, the NT version of FW-1 IMO is only good enough for
kiosk demonstrations and should not be compared at all to PIX, as at
least PIX is production useable.
> and in that sense better is a very subjective term. The Firewall 1 is by far
> easier for someone who is not intimately familiar with TCP/IP to manage, but
> the logging facilities and log viewer (4.0 SP7) were slow and about
> worthless.
See NT remark above.
>the Pix will log to Syslog
As will FW-1, at least 4.1 on Solaris can easily use syslog for logging.
The licensing and costs with either are prohibitive when you add VPN
options etc. to the mix. I will add that FW-1 has a nice advantage for
having just a pile of information available online, which is handy.
Just don't run FW-1 on NT unless it is a tiny office LAN you are
protecting with light traffic and no VPN use of any density.
If you are going from FW-1/NT to a PIX you will see a great performance
benefit, if you have a Solaris FW-1 install...I don't understand why you
would want to switch to a totally different platform. Hit the boss with
"your PIX scheme would be fine except I already know FW-1 and switching
is a pointless effort that will burn excessive resources to learn a new
platform with no real benefit." Have the PHB list why he wants the PIX
stat by stat, I can't imagine he has a clue, probably some naked chick
in a Red Herring ad for PIX now. :-)
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
