#172565 - 2007-01-09 10:19 AM Re: Need suggestions for (Linux) firewall [Re: Les]
masken Offline
MM club member
*****

Registered: 2000-11-27
Posts: 1222
Loc: Gothenburg, Sweden
Just FYI, ISA 2006 supports 1:1 NAT inbound :)

@Björn, the ISA is very secure, and I would most definitely not see it as suicide to put it in the front end, it's what it's designed for ;) All traffic and features are disabled by default when installing and the ISA 2006's management GUI is very nice.

But there are also very strong arguments for differentiating OS's when firewalling, in theory it reduces the attack surface, which speaks for *nix or other firewall OS's than Windows-based ones.
_________________________
The tart is out there

#172579 - 2007-01-09 03:46 PM Re: Need suggestions for (Linux) firewall [Re: masken]
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
ISA 2006 is just lipstick on the chicken. It has no improvements with regard to NAT over ISA 2004. For that matter, it has few improvements at all, hence the chicken lips analogy.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

#172581 - 2007-01-09 04:26 PM Re: Need suggestions for (Linux) firewall [Re: Les]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4673
Loc: The Netherlands
Wow :o I guess I asked "THE" question. All you guys start arguing about what firewall is best. I guess it also depends on some personal experience with the different products.
I looked at several options and decided to request a Symantec SGS 1600 series demo unit.

ISA would be nice but is too expensive, as is the Cisco PIX series. My knowledge about Linux and its security is too little for now and could cause serious vulnerabilities. Smoothwall is nice but has some issues with supported NICs. The time period is also an issue because, like I said, we are moving to a new building. During the move we are rebuilding part of the network; all has to be done by March 1st 2007. I've worked with the little brother (300 series) and the big brother (5600 series) of the Symantec SGS 1600 series. Also the 1600 series is affordable for us (we are just a small business) at a price between 1600 and 2000 euros (19% VAT to be added to that price).


Edited by Mart (2007-01-09 04:27 PM)
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

#172582 - 2007-01-09 05:15 PM Re: Need suggestions for (Linux) firewall [Re: Les]
masken Offline
MM club member
*****

Registered: 2000-11-27
Posts: 1222
Loc: Gothenburg, Sweden
Originally Posted By: Les
ISA 2006 is just lipstick on the chicken. It has no improvements with regard to NAT over ISA 2004. For that matter, it has few improvements at all, hence the chicken lips analogy.

I'm sorry Les, but you're wrong. Where have you gotten these ideas from? Many underlying things in ISA 2006 have been rewritten and improved, and quite a few new features. There's support for Exchange 2007. New BOVPN functionality, new flood & worm protection, new single sign on feature, new LDAP auth meaning the ISA doesn't have to be a domain member, automatic link translation for internal published sites, BITS caching, HTTP compression and a few others, especially many web publishing improvements. So I'd definitely say there's more than lipstick involved :p

Have a look at this article:
http://www.isaserver.org/articles/White-Paper-Why-ISA-2006-Better-Solution-than-ISA-2000-2004.html


Edited by masken (2007-01-09 05:25 PM)
_________________________
The tart is out there

#172589 - 2007-01-09 06:42 PM Re: Need suggestions for (Linux) firewall [Re: masken]
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
I thought we were just talking about NAT?

Many of those are also included in the free SP for ISA2K4, so the remaining functionality that one would have to pay for, I consider lipstick. If one of them were something I could personally use, I might sing a different tune. I will stay with 04 for now and not pay the big bucks for something I'm not likely to make good use of.

Now all this is only relevant if one were upgrading from 04 to 06 but still, the ISA community on the whole was disappointed in what was left out from their wish list, real 1:1 NAT being high on the list.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
