RE: Firewall-1 Information leak

From: Hugo van der Kooij (hvdkooijat_private)
Date: Mon Jul 23 2001 - 12:19:52 PDT


    On Fri, 20 Jul 2001, MALIN, ALEX (PB) wrote:
    
    > Why might anybody use FWZ (CheckPoint's proprietary encryption scheme),
    > rather than IKE? It's inherently less secure, as it can't use IPSec tunnel
    > mode. As I see it, there's a general problem with using firewalls for
    > encryption gateways. You don't want to tie up your gateway with all the
    > processing and memory usage that VPN devices require. CheckPoint seems to
    > have built a client-to-site VPN that is designed to reduce some of the
    > performance hit on the firewall. What you end up with, I think, is a kind of
    > security "lite." A little less data security (especially if you make
    > topology requests available to anybody with the SecuRemote client software).
    
    There used to be a time when you could get FWZ but there was no IKE or you
    would have to fill silly export forms. Hence the existence of FWZ out in
    the field.
    
    Hugo.
    
    -- 
    All email sent to me is bound to the rules described on my homepage.
        hvdkooijat_private		http://hvdkooij.xs4all.nl/
    	    Don't meddle in the affairs of sysadmins,
    	    for they are subtle and quick to anger.
    


