Firewalls: Re: Firewalls review in Data Com

Firewalls
(November 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Firewalls review in Data Com
From:	Adam Horwitz <adam @ tripcom . com>
Date:	Fri, 24 Nov 1995 22:31:19 -0600 (CST)
To:	janken @ rust . net
Cc:	firewalls @ GreatCircle . COM (firewalls)
In-reply-to:	<199511250710 . XAA02146 @ Fe3 . rust . net> from "Ken Stephens (Millennium Consulting)" at Nov 24, 95 11:10:59 pm

> I have been taken to task by Adam Horwitz <adam @
 tripcom .
 com> for my poor 
> choice of words when I wrote: 
> 
> "Doesn't anyone care that you now can see that the Firewall-1 Product 
> will pass a lot of packets (as check point has claimed) but, drops a lot of
> packets under heavy load as compared to the Cyberguard product that tops
> Firewall-1 at the traffic high end and dropped zero packets (Firewall Stress 
> Test Chart vs. Lost Sessions table)."
> 
> 
> Adam says that "3 out of 1,000 is hardly "a lot"."
> 
> As a zero defect kind of guy I will agree that "a lot" is in the eye of the
> beholder.  As a user, if you are one of the 3 who gets lost, 3 may be too many.
> At T1 pipe speed that works out to 3 failures every 7+ minutes.  I would
> not fly on an airline with that service record.  I would not accept a firewall
> with that service record.  Call me a perfectionist, I do not mind.  I could 
> start a wild eyed rant about falling standards but I think the bandwidth is
> not mine to consume.  Read the article.  Look at the tables.  Draw your own
> conclusions.  If I am wrong tell me(Please use the list only if others may
> be interested in your comments).

Thank you so much for taking to arguing in public without even giving
me the courtesy of one private reply.  In case you did not notice,
the message I sent you was not in public.  I guess the fact that I
agreed with your other points was totally overshadowed by my comment
that I thought your choice of words on that one point was poor.

Since you were so quick to calculate the failures at T-1 pipe speed
would you mind adjusting those numbers for real-world use?

You also failed to mention that I brought up the question of whether
the OS was to current patch levels and how come the latest
version of SunOS wasn't used.  And as I also pointed out, these same
questions apply to the other products reviewed.

By the way, my mailer, Elm, doesn't like your return address of

	janken @
 rust .
 net (Ken Stephens (Millennium Consulting))

because of the double parenthesis.  I haven't checked the revelant RFCs,
but since you're a zero-defect kind of guy, you might want to take this
into consideration if you like being "compatible" with everyone.

-- 
Adam Horwitz                     (708) 778-9531
Tripcom Systems Inc.           adam @
 tripcom .
 com

References:

Re: Firewalls review in Data Com
From: janken @ rust . net (Ken Stephens (Millennium Consulting))

Indexed By Date	Previous:	Re: Firewalls review in Data Com From: janken @ rust . net (Ken Stephens (Millennium Consulting))
Indexed By Date	Next:	Re: Firewalls review in Data Comms From: Jody C Patilla <jcp @ TIS . COM>
Indexed By Thread	Previous:	Re: Firewalls review in Data Com From: janken @ rust . net (Ken Stephens (Millennium Consulting))
Indexed By Thread	Next:	Re: Firewalls review in Data Com From: peter @ nmti . com (Peter da Silva)