Thank you very much for your reply.
> FW-1 does NOT do any OS hardening. It is expected that the installer will do
> this on whatever platform it is installed on.
It is a bad thing. It was expected at least a 'basic' OS hardening.
In any case, from Checkpoint, I received the following insurance:
'By using the CheckPoint Stateful Inspection Technology, we even secure
the gateway itself.
We inspect each and every packet on the Inbound direction, meaning even
before entering the gateway and reaching the OS.'
> Perhaps you should consider IBM Firewall for AIX.
Already considered. But it doesn't fulfill some requirement for our
project (NIS and SQL*net traffic, a 'not common' login procedure to the
FTP proxy, etc.)
> (Check Point Firewall-1 offers NO proxies).
They are unnecessary with their Stateful Inspection technology.
But why IBM OEMs FW-1?
Domenico Viggiani Internet Systems Engineer
CAP GEMINI ITALY SpA E-mail: dviggian @
Via dei Berio, 91 - 00155 Roma Phone: +39 6 23190 509