Adam Shostack <adam @
>| We're looking at firewall products (preferably for the AIX platform) and I
>| wondered if anyone could offer advice as to limitations (or "gotchas") with
>| our "narrowed down" list. So far, IBM's NetSP and ANS's InterLock seem to
>| be good candidates, although Sidewinder, from Secure Computing appears to be
> NetSP requires a firewall expert to set up. There are several
>things that the manual doesn't cover, it runs sendmail, and has no
>easy to configure tripwire-like functionality.

There are a few others I am looking at (along with some comments based
on my preliminary look):

Internet Site Patrol from BBN Planet
It is a turnkey system that has a Mac front-ending a UNIX box to
do all the firewall work. It looks interesting and a review of
it called it easy to use.
Even though I have nothing against the Mac (I want a PowerBook!),
I am having a hard time with the Mac being a front-end to the
UNIX box. Also, I understand that you can't use the UNIX box for
any general purpose applications with Site Patrol.

FireWall-1 from CheckPoint Software (sold in the DC area by I-Net)
I saw this at a time I was not that interested in firewall
products and was impressed with the demo. The thing I liked
about it is that it handled just about everything from the
interface (X11R5/OpenLook): sub-networking, packet filtering and
customization options, (I think) DNS, and even managing access
lists for a Cisco router (if you've ever tried to program a Cisco
router, you know how nice a good interface can be!).
However, it only runs on Sun SPARC boxes and its interface is
OpenLook (sorry, I am not an OpenLook fan). Also, it only
supports Cisco routers (ok, so most people use them, but not

Netra from Sun
I know the least about this except that it is a standalone SPARC
box with no monitor and software that uses voice to configure.
Sun's literature on this isn't the greatest and I haven't had
time to contact a local distributor.

We are in the evaluation phase for a firewall system. If anyone has
comments on these and others (such as Gauntlet from Trusted Information
Systems--which is on my list to look at), it would be appreciated.