A word of warning regarding FireWall-1. First let me say that this is
a great product, easy to install and very effective for packet
filtering and authentication. I've recommended and installed it at
many sites. It has one potentially serious flaw however, the
licensing.
FireWall-1 ships with a demo license that expires after 30 days. If
you install this product at a client site be sure the administrator
follows-up and gets the permanent license as soon as possible. If
you're supporting the product directly consider not installing the demo
license at all.
The problem is that the demo license will expire without warning,
exposing the internal network. This has happened to me twice now.
There is no way to verify whether the installed license is a demo or
permanent. There is also no way to verify that a permanent license was
(properly) installed. The real problem is Sun Licensing. The software
they use to generate licenses (from serial number + hostid) is very
buggy, crashes often, takes hours or days to generate a license, and
may forget your license request altogether. If you call or email for a
license don't expect to be emailed / faxed back on the first try
regardless of what the operator says.
I can recommend this software almost without reservation. Just be sure
to get the permanent license _before_ doing the installation, and save
the "fw putlic" command line in a safe place.
Roger Marquis
Sr. Systems Analyst, Roble Systems
(marquis @
roble .
com, 415-494-9250)
Follow-Ups:
|
|
