RE: boxed "multi-purpose" firewalls - overkill??

["Noller, Gregory" <Noller2G () kochind com>]

A lot depends on what else you may want it to do.  Simple firewalls may not
be as configurable as you would like.

If you need to have lots of DMZ's with different rules for each
port...Raptor's Eagle (http:\\www.axent.com)  is a good ($$$) choice.

If you need inexpensive, try a GnatBox (http://www.gnatbox.com/) on any old
486...or the WatchGuard Firebox (http://www.watchguard.com/firebox.html).
I've had good luck with both, though they are not NT, they are "one disk"
solutions.

For NT, I have a Network1 "Firewall Plus"
(http://www.network-1.com/products/firewall_nt.htm) that works well.

I have all of the above in production, and they work for the intended
purpose (not all are Internet).

Hope this helps.

Greg


On Wednesday, October 14, 1998 8:48 AM, mjd () interaxon gr
[SMTP:mjd () interaxon gr] wrote:
> hi all
>
> I am putting together a firewall, only on paper for now, and a few
> questions concerning the usefulness of boxed "muti-purpose" firewall
> products have surfaced.  I hope some of you guys can give me your
> thoughts on the matter.
>
> suppose...
> I have set up a screened network architecture firewall which is
> connected to the internet via an ISDN router (a baynetworks clam), and
> then this dmz is connected to my internal network via a packet
> filtering router (suggestions most welcome).  Ok, so now I need a
> bastion host to proxy my smtp, dns, and WWW.  So I think .. the client
> wants ease of use and reporting etc etc, has to be NT based, they have
> no nix skills at all.. so what about a boxed NT firewall product .. ok
> I say, how about Eagle (as everyone else is on about FW-1, and I like
> to be different), it does all I want and more.. packet filtering.. but
> I am sat here wondering why do I need this packet filtering?  I
> certainly dont want to combine this bastion host with my choke router.
>  Perhaps I could put it after my ISDN router, but is this really
> neccessary?
>
> So I am wondering why spend big bucks on a "multi-purpose" firewall
> package like Eagle is it only for the  reporting capabilities?
>
> i would be interested in hearing how others see the use of these
> products.
>
> mike
>
> ----------------------------------------------
> Michael J. Dilworth           Interaxon ltd.
>                               8 Rizariou St.
> tel:(+301)6801013/4           Halandri
> Fax:(+301)6801015             15233 Athens
>                               Greece
> ----------------------------------------------