RE: CRIME Checkpoint versus Sonicwall

From: Andrew Plato (aplato@private)
Date: Tue Aug 27 2002 - 17:53:17 PDT


    Well, since we're all jumping on the self-promotion bandwagon here...Anitian is the local SonicWall reseller as well as WatchGuard, Checkpoint, Symantec, and others. 
    
    Honestly, all these firewalls have their advantages and disadvantages and you could spend a lifetime haggling with people over them. Honestly, the difference between firewalls is becoming increasingly small. It is such a commoditized industry. 
    
    One thing to consider: popularity tends to make things more vulnerable. The more of something there is, the more likely hackers will go after it. This is why Microsoft boxes seem like they have so many holes. There is an entire subculture of hackers consumed with cracking Microsoft boxes. Hence, Checkpoints are VERY popular and as such garner a lot more attention from hackers. 
    
    The way I generalize these firewalls:
    
    Checkpoint: Very popular, flexible, great VPN, scalable, expensive, integrates with many other products. It's only worthwhile if you use it on a Nokia platform, which makes it even more expensive.
    
    Sonicwall: Inexpensive, easy to use, ASIC designs, solid VPN, good bang for the buck. 
    
    Netscreen: Feeds and speeds leader, reliable ASIC design, very expensive, very hard to use, lame VPN. 
    
    WatchGuard: lots of features (the SMTP proxy rocks), a bit slower, easy to use, fair VPN.
    
    Symantec: Nice yellow box, integrates with existing Symantec products, lots of features, pricey, fair VPN. 
    
    Cisco PIX: Capable, scalable, expensive. It's a natural for shops with existing Cisco infrastructure. Good VPN.
    
    Open Source (like IP filters for BSD): dirt cheap, reliable, stable, flexible, hard to use, limited VPN capability. 
    
    Thus, a decision matrix for these products might be: 
    
    If money is an issue: Stick with SonicWall, WatchGuard, or an open source firewall like IP filters in BSD. 
    
    If you have money, need scalability, and want something popular: CheckPoint or PIX.
    
    If you have money, and are speed obsessed: Netscreen. 
    
    As for personal firewalls, the Checkpoint personal firewall is basically a policy editor and manager for their VPN client. It's not much more than a port blocker. Which is helpful. 
    
    I prefer full-intrusion detection capabilities out at the end-points. That way if the remote box gets hacked off-line or something comes down from corporate through the tunnel, the IDS (operating independent of the VPN software) can still pick it up and report it. This means a host-based IDS - which to me the only HIDS that is worth its muster and can be centrally managed is RealSecure Desktop Protector (formerly BlackICE). Which of course Anitian sells. :-)
    
    Good luck with your decision. 
    
    -----------------------------------
    Andrew Plato, CISSP
    President / Principal Consultant
    Anitian Corporation
    
    (503) 644-5656 office
    (503) 201-0821 cell
    http://www.anitian.com
    ------------------------------------
    
    
    ----Original Message----- 
    From: Eric Kornberg [mailto:ekornberg@private] 
    Sent: Tuesday, August 27, 2002 10:42 AM 
    To: crime@private 
    Subject: CRIME Checkpoint versus Sonicwall 
    
    
    To all... 
    We are having an issue justifying the money it would take to implement a Checkpoint solution versus a SonicWALL solution. One is $40,000 and the other is $5,000.
    It would appear to the "over exposed to IT trade information" eye that there is not a lot of difference - except in the price?
    
    
    Am I missing something? 
    Anyone want to comment? 
    (This would be for mixed Unix and Windows networks) 
    Thank you in advance for your information.... 
    Eric K. 
    



    This archive was generated by hypermail 2b30 : Tue Aug 27 2002 - 19:01:05 PDT