Greetings!
Mark Campbell wrote:
> What you guys think of Sonic Wall? Pro's, Con's ??? We're looking at
> using
> it for our VPN's etc. Any good? Documentation obviously sings it's
> praises
> but has anyone used them extensively?
Sonics are good enough if you just want a "we go out with plain web
services" (pop, smtp, nntp, (s)ntp, http, ftp, ...)
SonicWalls are bridging with 1:N NAT hiding and some 1:1 NAT - but need
official addresses in the DMZ. If you need to access e.g. internal DB
servers from DMZ you need to give them official addresses or you won't
be able to get the routing through the firewall.
VPN does not hold promises. With our (Series-2) only manual IPsec worked
- IKE not, not even between two identically configured Pro2's. Docs and
step-by-step instructions did not work.
Configuration easily gets out of bounds as you cannot group - neither
objects nor services. A simple rule "allow development-group to
internet-servers with webservices" explodes into Dev*IS*svr single rules
to be entered - with a maximum of 255 rules this can easily become a
problem.
Web filtering is tricky - filtering rules are non-obviously interdependent.
Admin is possible from all internal PCs and/or ONE external SonicWall
Management station. No limitation or extension (e.g. for management from
an ousourced center) possible.
So we dumped it for Astaro which are similar-priced but playing in a
different (higher) class.
Bye
Volker
PS: all IMHO, personal, and not necessarily my employer's view.
--
-------------------------------------------------------------------
[EMAIL PROTECTED] discon GmbH
IT-Security Consulting Wrangelstrasse 100
http://www.discon.de/ 10997 Berlin, Germany
-------------------------------------------------------------------
PGP-Fingerprint: 5323 a4f7 a7c2 b8ef 4653 05ce d2ea 2b74 b94c c68e
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
For Account Management (unsubscribe, get/change password, etc) Please go to:
http://lists.gnac.net/mailman/listinfo/firewalls
