Domenico............happy to reply..........
Domenico Viggiani sent a note:
>> Perhaps you should consider IBM Firewall for AIX.
>Already considered. But it doesn't fulfill some requirement for our
>project (NIS and SQL*net traffic, a 'not common' login procedure to the
>FTP proxy, etc.)
We do offer strong authentication (SecureNet Key, SecurID Card, etc).
Since Check Point has no proxies, not sure how they do a 'not common'
login to the FTP proxy.
Security concious people I talked to said anyone would be crazy to open
NIS to the Internet, but depending on the configuration, could be done
with VPN for authentication and encryption between known sites.
SQL*net is something we are working to provide. Depending on the size
of the opportunity, it is possible that we could provide it early for
the specific customer you are talking about.
>> (Check Point Firewall-1 offers NO proxies).
>They are unnecessary with their Stateful Inspection technology.
This is certainly their opinion, and they are entitled to an opinion.
However, many security experts agree that filtering alone (even
with Stateful Inspection) is not as secure as using proxies.
>But why IBM OEMs FW-1?
Because customers want it.
Customers make purchase decisions based on many criteria. For many
the IBM Firewall is the best firewall, as many customers and
resellers agree. Some customers choose Check Point Firewall-1.
The IBM RS/6000 Division wanted the opportunity to sell our hardware,
rather than just letting FW-1 be sold on Intel, Sun or HP hardware.
For the same reason, IBM will sell our Firewall on other platforms (NT,
Sun). While I think RS/6000 and AIX is best, customers sometimes select
other hardware/operating systems.
Firewall Product Market Manager, IBM
Phone: 919-543-1045 FAX: 919-543-2693
Internet: rrea @