On Sat, 2 Feb 2002, Dirk Pfau wrote:
> the pix 515 is fine for people preferring console and interested in a
> good environment for debugging. but you can't do anything with pix.
> for beginners, a webinterface for configuration is available, but the
> results of it look ....
> in my experience, the pix can handle a throughput on very complex
> configurations (nat, acl, failover, 5 interfaces in use) up to about
> 80mbit/s without problems.
>
> ok, let's wait for other mails of people working with watchguard,
> netscreen, checkpoint, .....
> but every product has two sides and at the end it's your decision.

I've used Checkpoint 3.x/4.x and currently have a customer who is
switching to a Watchguard.

The Watchguard is cheap and easy to use once you are
accustomed to creating rules based on the order of:

    service (port), src_host, dst_host
    => most specific match first

My main problems now are that I am missing some proxies and the concept
of associated ports/connections. For ftp there is a proxy, but what to do
with sqlnet?

    SQL-Net: Control connection on 3299
             Server negotiates a data port
             Client initiates data connection on neg. port

(We have this problem with an oracle database running on NT)

Regards,
Achim Dreyer
-----------------------------------------------------------------------
A. Dreyer, UNIX System Administrator and Internet Security Consultant
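
The "associated ports/connections" idea raised in the mail above, as an added example that is not part of the original message and not the code of any product named in the thread: a filter watches the control connection on 3299, records the negotiated data port as a one-shot, time-limited expectation, and admits only the matching client connection. The descriptor format, the `Tracker` class, the 30-second lifetime and the sample addresses are assumptions made for illustration.

```python
import re

CONTROL_PORT = 3299   # control port quoted in the mail
EXPECT_TTL = 30.0     # assumption: seconds a pending data port stays open
# Assumption: the server names the data port in a connect-descriptor string.
PORT_RE = re.compile(rb"\(PORT=(\d{1,5})\)", re.I)
HOST_RE = re.compile(rb"\(HOST=([0-9.]+)\)", re.I)
# Constructed sample of a server reply on the control connection.
SAMPLE_REPLY = b"(ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.5)(PORT=1034))"


class Tracker:
    """Tracks data connections announced on the control connection."""

    def __init__(self):
        self.expected = {}  # (client, server, dport) -> expiry time

    def inspect_control(self, client, server, sport, payload, now):
        """Inspect a server-to-client payload; return the port opened, if any."""
        if sport != CONTROL_PORT:
            return None
        m = PORT_RE.search(payload)
        if not m:
            return None
        port = int(m.group(1))
        if not 1024 <= port <= 65535:
            return None  # never open a privileged port on request
        h = HOST_RE.search(payload)
        if h and h.group(1).decode() != server:
            return None  # policy choice: no redirection to a third host
        self.expected[(client, server, port)] = now + EXPECT_TTL
        return port

    def allow_syn(self, client, server, dport, now):
        """Decide on a new client-to-server connection attempt."""
        if dport == CONTROL_PORT:
            return True  # the static rule for the control connection
        expiry = self.expected.pop((client, server, dport), None)
        return expiry is not None and now <= expiry  # one-shot, time-limited


def demo():
    fw = Tracker()
    c, s = "192.168.1.20", "10.0.0.5"
    port = fw.inspect_control(c, s, CONTROL_PORT, SAMPLE_REPLY, now=0.0)
    return port, fw.allow_syn(c, s, port, now=5.0), fw.allow_syn(c, s, port, now=6.0)


if __name__ == "__main__":
    print(demo())
```

Without this kind of tracking, the only static alternative is a rule that opens the whole range of possible data ports to the database server.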