Great Circle Associates Firewalls
(June 1997)
 


Subject: Re: Borderware
From: Chris Andreev <candreev @ lgsa . org . au>
Date: Wed, 2 Jul 1997 07:17:29 +1000
To: firewalls @ GreatCircle . COM
Cc: Hassan Karim <hassan @ cq . com>, manuel . ricca @ pararede . pt

--- On Tue, 1 Jul 1997 02:55:08 +1000  Hassan Karim <hassan @ cq . com> wrote:

>I did a comparative evaluation/installation of Borderware, FW-1 and
>IBM's SNG and found
>that Borderware is probably only suitable for a small network that
>doesn't change very often.

Yep - on a small network with light traffic it works fine for me.

> It is not really easy to configure at all. 1st
>of all you can not configure it on the console... i.e. configuration
>must be done remotely. The Java interface is very clunky compared to
>SNG's.

This wasn't true for ver 3.1 (4.1 current).  BW ver. 3.1.x  can be 
configured completely from the console (default way).

> And if you can't get the browser to work then the only way you can
>configure it is by ftp'ng the config files from the Firewall... then make
>your changes and then ftp them back to the firewall machine (hope there
>aren't any mistakes or gotchas in the config files). BTW when I say
>remote I mean either via https or ftp NOT telnet or ssh

>Also... hope you have a vendor
>that has in house in-depth expertise so that if you run into snags you 
>can get some help otherwise you'll be short because the manuals aren't 
>all that great.

This was a very good point. An experienced vendor is very important. We do
NOT email BorderWare (Secure Computing) for any support - they simply do
not reply to our requests. I hope they read this list/msg. and do
something about it.

>Plus since it only uses non-transparent proxy one would have to add users
>for everyone that needed to leave the network
>Granted... I think security wise, although I couldn't get it to log
>everything (probably user error), it is pretty tight.

It might be because of the alarm rules you did/didn't specify. 

BW ver. 4.1 is more 'loose' about hardware requirements compared to the
old one (ver. 3.1), which was very strict about brand of NICs, SCSI
adapter and IRQs, ports assigned.
BorderWare is very 'rigid' to some changes (like size of swap file, size
of log files) and you can change them only at installation time. :-(

A few 'extra + free' goodies, part of BorderWare: You can run services
like: WWW, FTP, Mail, DNS, News on the same box. You have a third
interface - the so called SSN (Secure Server Network ~ sort of DMZ) which
is intended for multiple WWW, Mail ...etc. servers which are safe being
behind the firewall and separated (still accessible) from the LAN.
A big hassle (in my particular case) was a NEW rule in BW ver 4.1 for host
name syntax (DNS). Host names can not include the '_' char, e.g. xxx_yyy
is not acceptable. If you have such hosts you must rename them.
Well, that was my 2 cents contribution. (I'm broken now) ;-)

>For the brave at heart, SNG seems to be a magnificent product. However, I
>think there is an unnecesary (sp) layer of complexity when creating rules.
>Firewall-1 is simple and straight forward. Although FW1's management
>console hosed my local X session every time... the product overall is
>tight!
>
>Hope this helps...
>Peace,
>Hassan
>
> On Mon, 30 Jun 1997 manuel . ricca @ pararede . pt wrote:
>
>> Does anyone have experience with Borderware Firewall?
>> If so, how where would you place it comparing to Raptor, Pix and FW-1 ?
>> 
>> TIA,
>> .M
>> 
>> Manuel Ricca   (manuel . ricca @ pararede . pt)
-----------------End of Original Message-----------------
Cheers
ChrisA 
Computer Systems Manager
candreev @ lgsa . org . au
