Radware is a sweet solution. I've been involved with the new Cisco CSS stuff
and that is even cooler!
Open source is great, and yes I've seen it in enterprise environments. But
every solution I've seen implemented has ended up as shelfware. The
non-existance of support during critical issues is usually the match behind the
fire. I do however agree and pursue the use of open source where applicable.
-----Original Message-----
From: Richard St John [mailto:Richard.StJohn@gbe.com]
Sent: Wednesday, March 22, 2006 4:13 PM
To: Shaun Bertrand; 3shool@gmail.com; dballester@kernpharma.com
Cc: firewalls@securityfocus.com
Subject: RE: Enterprise Gigabit Firewall
I can actually disagree with you. I know of a couple Fortune 500-1000 companies
that are basing their security posture on open source & free products. Two come
to mind here in St. Louis.
The rest I do agree with, I, personally, prefer the SideWinder G2 units because
they can do all 4 of his options as well the Gigabit requirements he has. As
for load balancing, the eval we did last year brought us to separate vendor
load balancing {firewalls and load balancing from different vendors} and we
chose Radware just due to the through put
Richard
"Shaun Bertrand" <sbertrand@cbihome.com> 03/22 12:21 PM >>>
Well, the first sentence says it all.
"We are planning to purchase an Enterprise Firewall for our Head Quarters."
How do you plan on supporting an enterprise environment with all free products?
Anyone working in a fortune 500 company knows there is no tolerance for free
programs. Especially in the security sector. No support, no standards, and when
it comes to compliancy assurance of the free program there is just no way. I
see your stance though, and would love if this were feasible.
I would suggest what you've already recommended yourself (checkpoint,
sonicwall) along with Symantec and Fortinet. I agree with Dave in regards to
putting all your eggs in one basket. Modify your budget to include a high
availability/load balanced solution.
Shaun
________________________________
From: David Ballester [mailto:dballester@kernpharma.com]
Sent: Wednesday, March 22, 2006 12:52 PM
To: 3 shool
Cc: firewalls@securityfocus.com
Subject: Re: Enterprise Gigabit Firewall
El miÃ, 22-03-2006 a las 15:34 +0530, 3 shool escribiÃ:
Hello Everyone,
We are planning to purchase an Enterprise Firewall for our Head
Quarters. I have been doing some research recently on various possible
options. I do have budget restrictions and that is one important
factor which is going to influence management's decision.
WHat we need is an Enterprise Firewall that can:
1. Establish site-to-site VPN between our 4 branch locations
2. Establish client-to-site VPN for roaming users
3. Should support 500 Internet users at HO
4. Has a Gateway Antivirus, IPS and Content Filtering
Optionally, we also plan to move our SAP servers on this firewall in a
new zone. We would opt this only if the firewall provides us gigabit
throughput for our SAP servers.
For this solution I have been thinking of ISS, SonicWALL, Checkpoint
and Netscreen. It would be great if the list could put their thoughts
on what would be ideal for our scenario. I have also heard that
SonicWALL has a gigabit firewall model, Pro 5060. The price seems to
be really low compared to Checkpoint+Nokia, but would SonicWALL 5060
be a good option?
Thanks in advance.
GNU/Linux with iptables + IKE/Racoon ( ipsec ) , openvpn ( an very easy VPN ) +
Clamav ( antivirus ) + Snort ( IDS ) + bonding ethernets ?
All for free ( as beer ) and near for free ( as beer )
In any way, my 2 cents, don't concentrate all in one product/machine, if this
one goes down, all your services goes down with it. I like more the cluster
with low budget machines or blades aproach , but this is only MMO
Regards
David Ballester
_________________________________________________________________________________________
CBI prefers to send all email in a secure, encrypted, easy-to-use manner. We
are one of a few, select companies to have earned the Certified Solution
Partner (CSP) designation from PGP. To easily secure all future messages from
this sender using industry leading PGP Universal technology, please click this
link:
https://keys.cbihome.com:441/b/b.e?r=firewalls%40securityfocus.com&n=scqOC7%2BQMRfgm%2FQ1ZuWGuw%3D%3D
_________________________________________________________________________________________
CBI prefers to send all email in a secure, encrypted, easy-to-use manner. We
are one of a few, select companies to have earned the Certified Solution
Partner (CSP) designation from PGP. To easily secure all future messages from
this sender using industry leading PGP Universal technology, please click this
link:
https://keys.cbihome.com:441/b/b.e?r=firewalls%40securityfocus.com&n=scqOC7%2BQMRfgm%2FQ1ZuWGuw%3D%3D
