Why don't you buy Sunscreen EFS from Sun instead of Firewall-1? Faster,
better, less restrictive licensing...
> > I thought I would post this note to the list to warn people of some
> > limitations of the Sun Solstice Firewall-1 product. Our requirements
> > included multiple ethernet interfaces that were used to connect
> > multiple networks. The idea was to protect one of the interfaces
> > from all the others. The others included the internet, WAN
> > connectivity to our clients etc. The license we purchased for
> > firewall one was the Light Security Center License since we only
> > have about 12 hosts that need to be protected.
> >
> > After much research and fighting with the support reps at Sun
> > we discovered that the Light Security Center License only supports
> > one external interface (terminology used for licensing purposes).
> > As a result it counted each host it received packets from on any
> > of the other interfaces as an internal host. That license only
> > allows 50 internal hosts. That license was about $5000.00 and
> > it turns out the license we needed is just about $40,000. Try to
> > sell that to management!
>
> Someone told me FW-1 detects how many hosts you have from the broadcast
> packets of those hosts. So one way to solve your problem is to configure
> those hosts not to send out broadcast packets.
> >
> > If we knew this earlier we would have just purchased a Cisco
> > enterprise router, which does just about everything the
> > firewall-1 software does.
>
> "Everything" ?? I am not too sure I follow you here. I think you are
> confusing FW-1 packet inspection technology with plain old packet
> filtering that ANY router is capable of doing. Anything beyond that I
> can't see for the life of me how the 2 can be comparable.
> Licensing issue aside, FW-1 is a robust and highly regarded security
> product.
Licensing not aside, Sunscreen EFS is very robust and an excellent security
product.
- george