From owner-freebsd-security Sat Oct 7 0:48: 0 2000 Delivered-To: freebsd-security@freebsd.org Received: from cairo.anu.edu.au (cairo.anu.edu.au [150.203.224.11]) by hub.freebsd.org (Postfix) with ESMTP id 6DDD837B502 for ; Sat, 7 Oct 2000 00:47:57 -0700 (PDT) Received: (from avalon@localhost) by cairo.anu.edu.au (8.9.3/8.9.3) id SAA26913; Sat, 7 Oct 2000 18:47:45 +1100 (EST) From: Darren Reed Message-Id: <200010070747.SAA26913@cairo.anu.edu.au> Subject: Re: Check Point FW-1 To: craig@allmaui.com (Craig Cowen) Date: Sat, 7 Oct 2000 18:47:45 +1100 (Australia/NSW) Cc: freebsd-security@FreeBSD.ORG (freebsd-security@FreeBSD.ORG) In-Reply-To: <39DEBB51.E51BACFB@allmaui.com> from "Craig Cowen" at Oct 06, 2000 10:57:37 PM X-Mailer: ELM [version 2.5 PL1] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In some mail from Craig Cowen, sie said: > > The big cheeses at work want to use check point instead of ipf or any > other open source solution. > Can anybody help me with vunerabilities to this so that I can change > thier minds? Tell them that IP Filter is the software which protects Firewall-1 from the Internet when running on Solaris - you have to go with naked FW-1 on NT. There are two factors to this equation, however. FW-1 is typically deployed on Solaris/NT machines although now the Nokia box makes up a large number of those sales. The Nokia boxes run IPSO which was, long ago, FreeBSD (I'm told it no longer bears much resemblence). Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message