Home page logo
/

firewall-wizards logo Firewall Wizards mailing list archives

RE: FW appliance comparison - Seeking input for the forum
From: "Paul Melson" <pmelson () gmail com>
Date: Wed, 1 Feb 2006 11:59:55 -0500

-----Original Message-----
Subject: Re: [fw-wiz] FW appliance comparison - Seeking input for the forum

I think it would be interesting to know what type of group of was
responsible for managing 
the firewalls in the study. I am moving an account off of a Checkpoint
being managed by a 
services organization onto a PIX platform (no intent to start a vendor
war) - and I have 
been surpised by the permissiveness, and redundancy, in the "managed"
ruleset. The managed set broke two of the major rules in the documented in
the paper - and 
possibly a third if I had it on front of me.

Of course this takes a new tangent; but it would be an interesting study.

Haha!  I have to tell you, as soon as I read this, I immediately thought of
two vendors and am wondering if either of them are the vendor in this case.
But embarrassing vendors - as fun as it is - isn't part of the list charter.

The one thing that always struck me funny about these situations where an
MSSP does a lousy job of remotely managing a Check Point rule base is that,
in order to get Check Point's seal of approval, you've got to run
Provider-1, which is a fairly large cash layout to start a service like
that.  But then to not spend much if any money on staff and staff
training...

I guess I shouldn't be surprised, but I am.  And amused.  But only because
it's not my firewall.  :-)

PaulM

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]