Firewalls: Re: Firewall Products

Firewalls
(April 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Firewall Products
From:	scott @ Disclosure . COM (Scott Barman)
Date:	Tue, 11 Apr 95 15:55:59 EDT
To:	adam @ bwh . harvard . edu
Cc:	firewalls @ greatcircle . com

Adam Shostack <adam @
 bwh .
 harvard .
 edu> writes:
>
>| We're looking at firewall products (preferably for the AIX platform) and I 
>| wondered if anyone could offer advice as to limitations (or "gotchas") with 
>| our "narrowed down" list.  So far, IBM's NetSP and ANS's InterLock seem to 
>| be good candidates, although Sidewinder, from Secure Computing appears to be 
>
>	NetSP requires a firewall expert to set up.  There are several
>things that the manual doesn't cover, it runs sendmail, and  has no
>easy to configure tripwire-like functionality. 

There are a few others I am looking at (along with some comments based
on my preliminary look):

Internet Site Patrol from BBN Planet
	It is a turnkey system that has a Mac front-ending a UNIX box to
	do all the firewall work.  It looks interesting and a review of
	it called it easy to use.

	Even though I have nothing against the Mac (I want a PowerBook!),
	I am having a hard time with the Mac being a front-end to the
	UNIX box.  Also, I understand that you can't use the UNIX box for
	any general purpose applications with Site Patrol.

FireWall-1 from CheckPoint Software (sold in the DC area by I-Net)
	I saw this at a time I was not that interested in firewall
	product and was impressed with the demo.  The thing I liked
	about it is that it handled just about everything from the
	interface (X11R5/OpenLook): sub-networking, packet filtering and
	customization options, (I think) DNS, and even managing access
	list for a Cisco router (if you've ever tried to program a Cisco
	router, you know how nice a good interface can be!).

	However, it only runs on Sun SPARC boxes and its interface is
	OpenLook (sorry, I am not an OpenLook fan).  Also, it only
	supports Cisco routers (ok, so most people use them, but not
	everyone!).

Netra from Sun
	I know the least about this except that it is a standalone SPARC
	box with no monitor and software that uses voice to configure.
	Sun's literature on this isn't the greatest and I haven't had
	time to contact a local distributor.

We are in the evaluation phase for a firewall system.  If anyone has
comments on these and others (such as Gauntlet from Trusted Information
Systems--which is on my list to look at), it would be appreciated.

scott barman
scott @
 disclosure .
 com
barman @
 ix .
 netcom .
 com

Indexed By Date	Previous:	Info Security List From: Slemo Warigon <warigon @ merlin . etsu . edu>
Indexed By Date	Next:	Which router was that ? From: dennis @ smartstar . com
Indexed By Thread	Previous:	Re: Firewall Products From: Adam Shostack <adam @ bwh . harvard . edu>
Indexed By Thread	Next:	Re: Firewall Products From: aszameit @ oen . detewe . de (Andreas Szameit, DeTeWe OeEN)