Greetings!
Paul Simons wrote:
> Does anyone have a link to a decent comparison between CP-FW-1 and
> 'Symantec' Raptor?
Yes - but only personal experience. These is purely my personal,
incomplete and subjective view (and a bit antiquated as I only know
Raptor up to 6.0)
Pro CKP-FW1
- many (OPSEC) compatible 3rd party stuff
- better logfile filtering (online)
- FloodGate plugin for QoS available
- does handle many RPC/FTP-style protocols (unique feature)
- complex NATing (NOT in-protocol e.g. SQL*net) easy to
implement
Pro Raptor
- OS-hardening done during installation
- proxies much more stringent ("safer") on protocol conformity
OTOH this us pain if you have noncompatible software,
e.g. Notes' SMTP headers often suck...
- plaintext on-line log file, can be used e.g. with 'tail -f'
for real-time analysis
- long object names can be practically used
(due to large or resizable dialog boxes)
- "flood" alerts (thresholds customizable)
- scales (better) with more CPUs
- Unix GUI ("Hawk" / "RCU") better for routine tasks
- a number of specific RPC-proxies that actually can do NAT
(H.232, SQL*net)
- shifting interfaces (IP address, masq) easy and predictable
Again: purely my personal, incomplete and subjective view, so beware... ;-)
Volker Tanger
IT-Security Consulting
--
discon gmbh
Wrangelstra�e 100
D-10997 Berlin
fon +49 30 6104-3307
fax +49 30 6104-3461
[EMAIL PROTECTED]
http://www.discon.de/
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
