[fw-wiz] Opinions wanted...

dlang at diginsite.com dlang at diginsite.com
Fri Nov 23 17:19:01 EST 2007


On Fri, 23 Nov 2007, Timothy Shea wrote:

> IMHO - if you haven't used either platform before and only 3 firewalls
> - either solution will require an equal amount of training to
> understand and my guess is that the VAR who is recommending against
> checkpoint will make more money if you buy checkpoint versus sidewinder.

either that or the VAR doesn't understand sidewinder, or only has a few people 
who do.

> That being said - for your type of application I would lean toward
> CheckPoint Secure Platform (SPLAT) versus Sidewinder or Checkpoint
> running on Nokia and my reasoning is that I can normally use what ever
> hardware platform my server teams support versus buying an all in one
> appliance solution (checkpoint nokia, sidewinder).

I definantly prefer the more open solution to an appliance, but if you would 
actually use the proxies that Sidewinder makes available, the difference in 
security is probably worth the decrease in flexibility.

the checkpoint has some application layer checks, but you have to go out of your 
way to enable them, and enabling them has a significant impact on the 
performance of the box.

the Sidewinder has packet filtering in addition to the proxies, but you have to 
go out of your way a little bit to use it (and their training heavily emphisises 
the use of proxies, with packet filtering being a last resort)

I just got back from the Sidewinder training and I was happier with it then I've 
been with any other vendor training I've been to in quite a while. the training 
moves pretty fast, but besides covering the 'here's how to navigate the GUI' 
basics that all vendors cover, they go a lot more in depth about what's 
happening, and how to troubleshoot when things don't work. for me this wasn't 
new but it was a good solid, but fast introduction to things (if the class moves 
fast enough they have a 2 hour lab on tcpdump in the lesson plans for example)

David Lang

> t.s
>
> On Nov 21, 2007, at 10:40 AM, Kurt Buff wrote:
>
>> All,
>>
>> I've been working with Watchguards at my current employer for quite a
>> while, but we're looking to replace them.
>>
>> We've received a recommendation from one firm for Sidewinders (a 410
>> and a couple of 110s for the branch offices).
>>
>> We've received a recommendation against the Sidewinders from another
>> firm saying that they are too complex to manage easily, and require
>> extensive training to understand - they recommend Checkpoint instead.
>>
>> Neither seems to be completely out of our price range, so it would
>> seem to come down to concerns regarding initial implementation and
>> ongoing management.
>>
>> Are the Sidewinders that much more complex than Checkpoints?
>>
>> Is one "better" (for whatever that might mean to you) than the other -
>> that is, if you have experience with both, which would you prefer, and
>> why?
>>
>> I, of course, am excited to be learning a new platform, and want to
>> move away from some of the quirkiness of the ancient Fireboxes we
>> have, but want to make a reasonable recommendation to management.
>>
>>
>> Thanks,
>>
>> Kurt
>> _______________________________________________
>> firewall-wizards mailing list
>> firewall-wizards at listserv.icsalabs.com
>> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards at listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>


More information about the firewall-wizards mailing list