[windows2000] Re: OT Firewalls

  • From: "Randall Yoo" <randallyoo@xxxxxxxxxxx>
  • To: <windows2000@xxxxxxxxxxxxx>
  • Date: Sun, 29 Feb 2004 01:08:11 -0800

While inputs from other participants of this thread are valid, I think I
understand where Greg is coming from.
 
I've deployed Watchguards for clients before (along with PIXs, Netscreens,
Sonicwalls, etc) and they're different in that it's essentially a
proxy-based firewall (whereas, most others are stateful-inspection based).
As that typically means it works all the way up Application layers (which is
a good thing), the performance tends to be slower - especially when compared
to ASIC-chip based architecture that Netscreens run on.  So, (I've not kept
up to date recently with Watchguards, but) I believe Watchguard is re-doing
their Firebox line around ASIC architecture for added performance.  And, if
I may further surmise, I believe Watchguard may be forcing their customers
to upgrade/change-over to their new product lines.
 
If my assumption is correct, then it's clearly a case where Watchguard is
unnecessarily (at least from customers' perspective) forcing the issue.  I
seriously doubt that their new line of products are incorporating some sort
of new, revolutionary security technologies to the extent that you could
justify "you gotta dump the old units and use these right now!!!"
 

-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Greg Reese
Sent: Friday, February 27, 2004 11:31 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: OT Firewalls


I have no problem spending the money.  My company will allow me to spend
whatever I want whenever I want without much question.  
 
I just don't like Watchguard's new practice of holding their customers
hostage like this and want to see what else is out there.
 
If I can get the same level of security and not be held hostage by their
competition, then I want to explore that before I make a decision.
 
Greg

  _____  

From: Tony Lyne [mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Tony
Lyne
Sent: Friday, February 27, 2004 2:24 PM
To: windows2000@xxxxxxxxxxxxx
Subject: RE: [windows2000] Re: OT Firewalls


Jim is absolutely right here. A large part of my job is security
consultation and design.
 
We all spend so many $$$ a year keeping our Antivirus and other gateway
products up to date but totally make it pointless if you don't keep your
perimeter security up to scratch. Firewalls are often seen as a once only
expense and IT shops often neglect the importance of keeping them patched
and up to date.
 
Many firewalls are looking at working at different layers (application layer
rather than stateful inspection only) as well as attacks are becoming more
advanced, which is why you have to spend the extra $$ to subscribe to their
support programs. 
 
Trust me, spending the extra money on staying up to date is worth it in the
long run.
 
Also don't forget about a decent NIDS/IDS system. My recommendation is Eaglex
and snort from engage security. It's open source and is perfect for keeping
an eye on your firewall to make sure it's doing its job internally and
externally. Also it can be used to keep check on your internal network
traffic.
 
My personal preference in firewalls is Borderware firewall server and
Netscreens range. 
 
My 2c worth.
 
Tony.

-----Original Message----- 
From: Jim Kenzig http://thin.net [mailto:jimkenz@xxxxxxxxxxxxxx] 
Sent: Sat 28/02/2004 7:09 a.m. 
To: windows2000@xxxxxxxxxxxxx 
Cc: 
Subject: [windows2000] Re: OT Firewalls


How much would it cost you to clean up if your network was hacked?  How much
money would your company lose from downtime?  Would you still have a job?
$7000 is pennies when I start answering those questions. Every 3 years
updating critical hardware is not unrealistic.  Bandwidth technology has
improved every few years also...it makes sense to keep your equipment in
line with it. 
 
JK 

-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Greg Reese
Sent: Friday, February 27, 2004 11:57 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: OT Firewalls


My Cisco gear has been in the rack for four years.  We keep our smartnet up
to date and have never had a problem.  Cisco has never come back to us and
told us we have to replace all our hardware with their new stuff.
 
The Firebox X only comes with 90 days of live security so right off the bat
I have to buy more live security.  It doesn't include Web Blocker anymore
either.  They keep telling me that I only have to buy the features I need
and can upgrade later.  That would be great if it was cheaper but it's not.
The firebox X 700 now ends up costing me over $3000.00.  I have 125 users
and don't use VPN.  Then what, in two years they tell me that the X is being
retired and I have to throw it out and buy the all new XI?
 
I paid 2000 for the firebox two. I renewed Live Security on it for two
years.  I now have over $4000 invested in a firewall that I have to throw
out and spend another $3000 to replace it.  $7000 in three years for
internet security is a bit steep for 125 users and no VPN.
 
Greg
 
 

  _____  

From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Kenzig
http://thin.net
Sent: Friday, February 27, 2004 11:39 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: OT Firewalls


C'mon Greg,
WatchGuard, Rules....it makes sense that you'll need to keep your firmware
up to date to keep up with the latest vulnerabilities and threats. All the
vendors do it especially Cisco. It is planned obsolescence. I'd get the
Firebox X in a heartbeat.  
JK

-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Greg Reese
Sent: Friday, February 27, 2004 11:29 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] OT Firewalls



I have been a loyal Watchguard customer for a few years now but their new
strategy of cutting off old products and forcing you into new ones is
pissing me off right now.

I am exploring other options.  What are the rest of you using for firewalls?


I liked Watchguard because I could configure it myself and they had great
support available online.   But they dropped support for the Firebox II and
are telling me I have to get a Firebox III.  Now they have come out with the
Firebox X.  I am sure by the end of the year they will be telling me I have
to upgrade from the III to the X.  I really don't want to play that game.  I
get enough of that from Microsoft and Great Plains.  I don't need it from my
firewall too.

Greg 



