From owner-freebsd-security Sun Oct 8 14: 1:47 2000 Delivered-To: freebsd-security@freebsd.org Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66]) by hub.freebsd.org (Postfix) with ESMTP id 6257537B503 for ; Sun, 8 Oct 2000 14:01:43 -0700 (PDT) Received: from nomad.yogotech.com (nomad.yogotech.com [206.127.123.131]) by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id PAA01849; Sun, 8 Oct 2000 15:01:34 -0600 (MDT) (envelope-from nate@nomad.yogotech.com) Received: (from nate@localhost) by nomad.yogotech.com (8.8.8/8.8.8) id PAA15915; Sun, 8 Oct 2000 15:01:33 -0600 (MDT) (envelope-from nate) Date: Sun, 8 Oct 2000 15:01:33 -0600 (MDT) Message-Id: <200010082101.PAA15915@nomad.yogotech.com> From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: Darren Reed Cc: craig@allmaui.com (Craig Cowen), freebsd-security@FreeBSD.ORG (freebsd-security@FreeBSD.ORG) Subject: Re: Check Point FW-1 In-Reply-To: <200010070747.SAA26913@cairo.anu.edu.au> References: <39DEBB51.E51BACFB@allmaui.com> <200010070747.SAA26913@cairo.anu.edu.au> X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid Reply-To: nate@yogotech.com (Nate Williams) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > The big cheeses at work want to use check point instead of ipf or any > > other open source solution. > > Can anybody help me with vunerabilities to this so that I can change > > thier minds? > > Tell them that IP Filter is the software which protects Firewall-1 from > the Internet when running on Solaris - you have to go with naked FW-1 on > NT. There are two factors to this equation, however. FW-1 is typically > deployed on Solaris/NT machines although now the Nokia box makes up a > large number of those sales. The Nokia boxes run IPSO which was, long > ago, FreeBSD (I'm told it no longer bears much resemblence). Not completely true. I've heard rumors that underneath it's still pretty much FreeBSD, and they may be updating the packeage to FreBSD 4.1R 'Real Soon Now'. The biggest fator seems to be the silly license scheme that CheckPoint uses for 'porting' to other platforms. Nate - Not officially associated with the group @ Nokia that builds the boxes, although I have met a few of them as they are in the same building as my group at Nokia. :) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message