[windows2000] Re: OT Firewalls
- From: "Tony Lyne" <Tony.Lyne@xxxxxxxxxxxxxxxxxx>
- To: <windows2000@xxxxxxxxxxxxx>
- Date: Sat, 28 Feb 2004 10:08:23 +1300
Possibly, but most firewalls go through the usual certification tests as well.
and Borderware always consistently rates the highest.
geezzz Im sounding like a sales consultant now.
It is one of the lesser known firewalls around, possibly due to its price (its
one of the more expensive ones) but its well worth the $$$. Every single
implementation of BWFWS Ive done have had the clients rave about it. especially
the logging and reporting capabilities (partially because of its working on the
application layer)
I like the Netscreen range especially partial to the 25 series. Great for thin
client because of its QoS features but I still dont rate it in the same league
as a pure hardened firewall as compared to the Borderware products.
Market share in NZ here is quite good. I believe BWFWS is the firewall of
choice here for a most Govt departments.
T.
-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx on behalf of Randall Yoo
Sent: Sat 28/02/2004 9:38 a.m.
To: windows2000@xxxxxxxxxxxxx
Cc:
Subject: [windows2000] Re: OT Firewalls
Let me preface this by professing that, while I'm versed in PIX,
Netscreen, Sonicwall & Watchguard, I'm not familiar with borderware products.
I'm sure it's a fine product.
Having said that, I wonder if your claim is at least in part due to its
relatively small market share and, therefore, recognition. As an analogy,
Microsoft have had more than its share of vulnerabilities exposed due to its
high profile presence, name recognition, its business practice, etc. And,
conversely, I'm sure there are lot of vulnerabilities in other lesser-known
systems that are yet unknown or unpublished due to the fact that they attract
less attention.
-----Original Message-----
From: Tony Lyne [mailto:windows2000-bounce@xxxxxxxxxxxxx] On
Behalf Of Tony Lyne
Sent: Friday, February 27, 2004 12:03 PM
To: windows2000@xxxxxxxxxxxxx
Subject: RE: [windows2000] Re: OT Firewalls
Thats one of the reasons why I like borderwares products. You
pay a reasonable subscription fee annually and that gives you access to version
upgrades at no extra cost. Their support is great as well. The initial $$$
layout is a little more than other but you save money long term.
The firewall itself I rate as probably the most secure on the
market. Its (I believe) the only firewall appliance that has no vulnerabilities
posted about it. Works entirely on the application layer (much more secure than
the stateful inspection method of the PIX and other firewalls). Also is the
highest certified firewall around.
goto www.borderware.com for more information.
Tony.
-----Original Message-----
From: Greg Reese [mailto:GReese@xxxxxxxxxxxxxxxx]
Sent: Sat 28/02/2004 8:30 a.m.
To: windows2000@xxxxxxxxxxxxx
Cc:
Subject: [windows2000] Re: OT Firewalls
I have no problem spending the money. My company will
allow me to spend whatever I want whenever I want without much question.
I just don't like Watchguard's new practice of holding
their customers hostage like this and want to see what else is out there.
If I can get the same level of security and not be held
hostage by their competition, then I want to explore that before I make a
decision.
Greg
_____
From: Tony Lyne
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Tony Lyne
Sent: Friday, February 27, 2004 2:24 PM
To: windows2000@xxxxxxxxxxxxx
Subject: RE: [windows2000] Re: OT Firewalls
Jim is absolutely right here. A large part of my job is
security consultation and design.
We all spend so many $$$ a year keeping out Antivirus
and other gateway products up to date but totally make it pointless if you dont
keep your perimiter security up to scratch. Firewalls are often seen as a once
only expense and IT shops often neglect the importance of keeping them patched
and up todate.
Many firewalls are looking at working at different
layers (application layer rather than stateful inspection only) as well as
attacks are becoming more advanced, which is why you have to spend the extra $$
to subscribe to their support programs.
Trust me, spending the extra money on staying up to
date is worth it in the long run.
Also dont forget about a decend NIDS/IDS system. My
recommendation is Eaglex and snort from engage security. Its open source and is
perfect for keeping an eye on your firewall to make sure its doing its job
internally and externally. Also it can be used to keep check on youre internal
network traffic.
My personal preference in firewalls is Borderware
firewall server and Netscreens range.
My 2c worth.
Tony.
-----Original Message-----
From: Jim Kenzig http://thin.net
[mailto:jimkenz@xxxxxxxxxxxxxx]
Sent: Sat 28/02/2004 7:09 a.m.
To: windows2000@xxxxxxxxxxxxx
Cc:
Subject: [windows2000] Re: OT Firewalls
How much would it cost you to clean up if your
network was hacked? How much money would your company lose from downtime.
Would you still have a job?
$7000 is pennies when I start answering those
questions. Every 3 years updating critical hardware is not unrealistic.
Bandwidth technology has improved every few years also...it makes sense to keep
your equipment in line with it.
JK
-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Greg Reese
Sent: Friday, February 27, 2004 11:57 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: OT Firewalls
My Cisco gear has been in the rack for
four years. We keep out smartnet up to date and have never had a problem.
Cisco has never come back to us and told us we have to replace all our hardware
with their new stuff.
The Firebox X only comes with 90 days
of live security so right off the bat I have to buy more live security. It
doesn't include Web Blocker anymore either. they keep telling me that I only
have to buy the features I need and can upgrade later. That would be great if
it was cheaper but its not. The firebox X 700 now ends up costing me over
$3000.00. I have 125 users and don't use VPN. Then what, in two years they
tell me that the X is being retired and I have to throw it out and buy the all
new XI?
I paid 2000 for the firebox two. I
renewed Live Security on it for two years. I now have over $4000 invested in a
firewall that I have to throw out and spend another $3000 to replace it. $7000
in three years for internet security is a bit steep for 125 users and no VPN.
Greg
_____
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Kenzig
http://thin.net
Sent: Friday, February 27, 2004 11:39 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: OT Firewalls
C'mon Greg,
WatchGuard, Rules....it makes sense
that you'll need to keep your firmware up to date to keep up with the latest
vulnerabilities and threats. All the vendors do it especially Cisco. It is
planned obsolescence. I'd get the Firebox X in a heartbeat.
JK
-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Greg Reese
Sent: Friday, February 27, 2004 11:29 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] OT Firewalls
I have been a loyal Watchguard customer
for a few years now but their new strategy of cutting off old products and
forcing you into new ones is pissing me off right now.
I am exploring other options. What are
the rest of you using for firewalls?
I liked Watchguard because I could
configure it myself and they had great support available online. But they
dropped support for the Firebox II and are telling me I have to get a Firebox
III. Now they have come out with the Firebox X. I am sure by the end of the
year they will be telling me I have to upgrade from the III to the X. I really
don’t want to play that game. I get enough of that from Microsoft and Great
Plains. I don't need it from my firewall too.
Greg
Other related posts:
