Great Circle Associates Firewalls
(August 1995)
 


Subject: Re: Digital Firewall for Ultrix
From: brad @ surfsoft . com (Brad Smith)
Date: Tue, 29 Aug 95 22:02:04 PDT
To: firewalls @ greatcircle . com

I have a feeling there's some confusion here... I've been evaluating
the "Digital Firewall for _Unix_" (not Ultrix).  I haven't heard of a
current D.. F.. for Ultrix product, so I suspect, if this isn't what
the original poster said, it is what they intended:).

Not wanting to go into an evaluation in such a public forum, I will
say that the new product is based on DEC Unix (aka OSF/1) running on
a DEC Alpha, and has little, if any, resemblance with the product
described by Mr. Brigman below.

Brad Smith
Surf Software
brad @ surfsoft . com

>From: James Brigman - Imonics Development <jbrigman @ imonics . com>
>Date: Tue, 29 Aug 1995 07:54:47 -0400
>Subject: Re: Digital Firewall for Ultrix
>
>I can tell you a bit. I used to administer one.
>
>Pros:
>	- Ultrix 4.x is an old, stable product.
>	- Machines running Ultrix can be cheap.
>	- Ultrix has built-in C compiler, not an extra-cost item.
>	- xforwardd, ftp and telnet proxies built in which do not require
>	special telnetd, ftpd, etc. spread out to every client.
>Cons:
>	- SecurID integration exists, but is poor.
>	- ONLY ONE PROTECTED INTERNAL SUBNET IS POSSIBLE if using SecurID
>	- They ship you an old IDA sendmail with the product
>	- it's expensive
>	- DEC doesn't support ULTRIX 4.x very much at all.
>	- The A1-to-SMTP interface (although not a firewall component, a
>	related product) is VERY poorly supported and NOT MIME compliant. Nor
>	will it EVER be.
>	- At least the product I used was not a "product", per se, but a
>	repackaged set of firewall utilities you can get from any of the good
>	security archives on the internet.
>	- Poor sockd/httpd integration. We had to "roll our own".
>	- No way to do internal and external web accesses on an internal
>	web viewer using the sockd/httpd (a limitation of httpd/sockd?)
>	- I was only able to find about TWO active users in the continental
>	US of this product. If there are others, they sure DIDN'T want to be
>	found because I looked HARD.
>
>Conclusions: If $$ are the problem, get a fast Pentium PC, load Linux and get
>the tools from the internet locations. If $$ are not a problem, or if no
>on-site support, go with one of the commercial products and pay to have it
>configured.
>
>I don't know why anyone would actually CHOOSE to go to this product. From what
>I have seen, there are much better, much cheaper products, ie: Firewall-1,
>TIS Toolkit (written by Marcus Ranum, one of the original authors of this
>software), a couple of the Sun products, and PORTUS (an interesting AIX
>product...)
>
>[DISCLAIMER: I have no connection whatsoever to these products: I have simply 
>seen either the technical info or the product in action and am merely offering
>a disinterested opinion: I do not administer any of the products described
>herein. All flames to /dev/null. ]
>
>JKB

