Only one thing to contest here. It uses all transparent proxies. There
is absolutely no need to register users or modify clients. Don't know
what gave you that impression - I suppose the clunky Java interface and
poor manuals might have...
There are no transparent INBOUND proxies. Inbound proxies must be
authenticated by some sort of OTP device - SecurID, CryptoCard, etc.
The OUTBOUND proxies are completely transparent.
But your assessment of the target installation is pretty good. Small
sites with low change. Folks who want a box that they don't have to
touch. I know that the purists will go nuts over that, but the reality
is that there are many people out there who recognize the need for
security who are too small to have that $100K/yr expert on staff.
regards
Andy
=======================================================
Andy Webb awebb @
swinc .
com www.swinc.com
Simpler-Webb, Inc. Austin, TX
"The clue meter is reading zero..." - Dilbert
=======================================================
> -----Original Message-----
> From: Hassan Karim [SMTP:hassan @
cq .
com]
> Sent: Monday, June 30, 1997 11:55 AM
> To: manuel .
ricca @
pararede .
pt
> Cc: firewalls @
GreatCircle .
COM
> Subject: Re: Borderware
>
> I did a comparitive evaluation/installation of Borderware, FW-1 and
> IBM's
> SNG and found
> that Borderware is probably only suitable for a small network that
> doesn't change very often. It is not really easy to configure at all.
> 1st
> of all you can not configure it on the console... i.e. configuration
> must
> me done remotely. the Java interface is very clunky compared to SNG's.
> Add
> if you cant get the browser to work then the only way you can
> configure it
> is by ftp'ng the config files from the Firewall... then make your
> changes
> and then ftp them back to the firewall machine (hope there aren't any
> mistakes or gotchas in the config files). BTW when I say remote I mean
> eihter via https or ftp NOT telnet or ssh. Also... hope you have a
> vendor
> that has in house in-depth expertise so that if you run into snags you
> can
> get some help otherwise you'll be short because the manuals aren't all
> that great.
>
> Plus since it only uses non-transparent proxy one would have to add
> users
> for everyone that needed to leave the network
>
> Granted... I think security wise, although I couldn't get it to log
> everything (probably user error), it is pretty tight.
>
> For the brave at heart, SNG seems to be a magnificent product.
> However, I
> think there is an unnecesary (sp)layer of complexity when creating
> rules.
> Firewall-1 is simple and straight forward. Although FW1's management
> console hosed my local X sesion every time... the product overall is
> tight!
>
> Hope this helps...
> Peace,
> Hassan
>
> On Mon, 30 Jun 1997
> manuel .
ricca @
pararede .
pt wrote:
>
> > Does anyone have experience with Borderware Firewall?
> > If so, how where would you place it comparing to Raptor, Pix and
> FW-1 ?
> >
> > TIA,
> > .M
> >
> > Manuel Ricca (manuel .
ricca @
pararede .
pt)
> > ParaRede - Tecnologias de Comunicao, S.A.
> > Tel: +351 1 3020451
> > Fax: +351 1 3020444
> >
> > // Be happy - things can always get worse
> >
> > These are my own opinions and do not reflect those of my employer.
> > My employer thinks I'm working.
> >
|
|
