On Fri, 20 Jul 2001, MALIN, ALEX (PB) wrote: > Why might anybody use FWZ (CheckPoint's propriatary encryption scheme), > rather than IKE? It's inherently less secure, as it can't use IPSec tunnel > mode. As I see it, there's a genaral problem with using firewalls for > encryption gateways. You don't want to tie up your gateway with all the > processing and memory usage that VPN devices require. CheckPoint seems to > have built a client-to-site VPN that is designed to reduce some of the > performace hit on the firewall. What you end up with, I think, is a kind of > security "lite." A little less data security (especially if you make > topology requests available to anybody with the SecuRemote client software). There used to be a time when you could get FWZ but there was no IKE or you would have to fill silly export forms. Hence the existance of FWZ out in the field. Hugo. -- All email send to me is bound to the rules described on my homepage. hvdkooijat_private http://hvdkooij.xs4all.nl/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger.
This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 16:49:33 PDT