Great Circle Associates Firewalls
(November 1997)
 


Subject: Re: SSL WatchGuard
From: Eric Johnson <ej @ azid . com>
Date: Thu, 6 Nov 1997 23:31:13 -0700 (MST)
To: Joe Smith <konk @ prop . caribnet . net>
Cc: firewalls @ GreatCircle . COM
In-reply-to: <Pine . LNX . 3 . 95 . 971104074637 . 6228A-100000 @ prop . caribnet . net>

Hey Joe,  [ couldn't resist: any Hendrix fans here? ]

We use the Firebox here and have installed two so far at client sites.
The thing I like least about it so far: in the GUI you get Incoming and
Outgoing tabs for each service (e.g. ftp) that you allow/deny.  With three
interfaces, it would be nice if the GUI gave Incoming/Outgoing tabs
*for each interface*.  

Example: The other day, under time pressure, we wanted to drop a box
on the (otherwise unused) Optional interface and enable ftp from it to
(only) my ftp host on the outside.  From the GUI's perspective, Outgoing
means Internal/Optional to External; however, I already had a config
setup for Any Internal to Any External ftp; to restrict that Optional
host to a specific External host hosed my existing rules.

However, the GUI writes plaintext config files, so if I got ambitious,
I'm sure I could roll-my-own config easily enough, and I have already
successfully hand-edited config files.

It's Linux-based, quick and easy to set up (with the "CIO Friendly"TM
Win95 GUI (actually, it's an X GUI ported to Win32: how ironic :-)),
logs to a syslog host on the internal interface, can be remotely
configured/monitored/rebooted via the GUI; boots from a single floppy,
which can be write protected :-)

We have not pushed ours very hard, but are told that the 10Mb box
will do "wire speed for up to 300 simultaneous sessions", whatever
that means.  The 10/100Mb box would be more capable still.

For $3500 I think it's a smokin' deal.

Caveat: AZID is a WatchGuard reseller.

Regards,

	--Eric
---
Eric Johnson (ej @ azid . com)    Arizona Internet Developers Inc. (AZID.COM)
http://www.azid.com/   +1-602 { 996-9682(v) | 333-2043(f) | 289-1628(p) }

On Tue, 4 Nov 1997, Joe Smith wrote:

: Date: Tue, 4 Nov 1997 07:50:01 -0400 (AST)
: From: Joe Smith <konk @ prop . caribnet . net>
: To: firewalls @ GreatCircle . COM
: Subject: SSL WatchGuard
: 
: Greetings
: 
: I have been tasked with looking at several firewalls, and I have been
: reading your posts with interest.  The reviews that I have read have rated
: CheckPoint, WatchGuard and Sunscreen the highest.  The one that I am
: tending towards is the WatchGuard system.
: 
: Do any of you on this list have RL experience with it?  Are there any other
: problems with WatchGuard that I should know about?
: 
: Thanks for the help!
: 
: John


