From owner-freebsd-security Sat Oct 7 8:49:44 2000 Delivered-To: freebsd-security@freebsd.org Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17]) by hub.freebsd.org (Postfix) with ESMTP id ED2BE37B503 for ; Sat, 7 Oct 2000 08:49:37 -0700 (PDT) Received: from roman (helo=localhost) by jamus.xpert.com with local-esmtp (Exim 3.12 #5) id 13hwDl-0001s4-00; Sat, 07 Oct 2000 17:49:09 +0200 Date: Sat, 7 Oct 2000 17:49:09 +0200 (IST) From: Roman Shterenzon To: Chris Faulhaber Cc: Craig Cowen , "freebsd-security@FreeBSD.ORG" Subject: Re: Check Point FW-1 In-Reply-To: <20001007074145.A59213@earth.causticlabs.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 7 Oct 2000, Chris Faulhaber wrote: > On Fri, Oct 06, 2000 at 10:57:37PM -0700, Craig Cowen wrote: > > The big cheeses at work want to use check point instead of ipf or any > > other open source solution. > > Can anybody help me with vunerabilities to this so that I can change > > thier minds? > > > > Ah, so your PHB's are security experts? Make sure their number is the > first one called when problems arise :) Hi, Speaking for myself (Xpert are official ChekPoint dealer) I can say that although FW-1 might had some problems, it's quite good. It's quite secure as well (usually installed on Solaris/(sparc|i386) ) It's very easy in administration and has very nice GUI. It also includes VPN which makes it very useful for enterprise deployment. I think it's a good product after all. P.S. I once started making gui for ipfilter that resembles cp fw1, but didn't finish it.. --Roman Shterenzon, UNIX System Administrator and Consultant [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message