Ipchains vs Checkpoint vs CyberWall


Post by Stearns » Tue, 13 Mar 2001 22:46:56



Hello all,

We are planning to set up a firewall for our network of about 50+ Win 9x
stations, a couple of NT servers and a dozen RH Linux servers (database,
email, web, ftp, etc.)

Since the firewall will be on a server by itself, it can be Windows or
Linux. How does IPCHAINS stack up against its counterparts in the Windows
world like Checkpoint, *Wall and others? What features are found in
commercial packages that IPCHAINS lacks?

Also, is a hardware firewall better than a software firewall?

Thanks in advance for sharing your info and suggestions. If anyone knows of
any such doc online, please point me there. Any comment is appreciated.

-stearns

 
 
 


Post by The Spoo » Wed, 14 Mar 2001 01:08:41


Stearns28 wrote ...
-- Cut --
>How does IPCHAINS stack up against its counterparts in the Windows
>world like Checkpoint, *Wall and others? What features are found in
>commercial packages that IPCHAINS lacks?

>Also, is a hardware firewall better than a software firewall?

-- Cut --

I've recently changed a firewall from a Checkpoint FW1 to one based on Red
Hat 7.0 and ipchains plus FreeS/WAN.

In favour of FW1 is the GUI-based administration software and some built-in
functionality like SQL*Net proxy (doesn't work with the encrypted SQL*Net
protocol of Oracle 8i, though) and other proxies (there are some GUI-based
packages for ipchains too, I've heard, but I haven't tried any of them as
yet).

In favour of the Linux-based firewall is the price (typically only HW +
setup time/consultancy fees for Linux) as commercial SW tends to be rather
expensive, like the VPN option for FW1. A Linux firewall is very flexible,
if you know how to do some programming -- like a POP-gateway I built that
protects the inner POP-server by allowing only the most basic commands and
by verifying line lengths to avoid buffer overflows.

One Linux firewall I built masquerades internal addresses and assigns
specific external addresses to some internal computers when connecting to a
certain server that only allows users access from some predefined IP-address
as extra protection. This same firewall accepts and redirects print-jobs
from specific external computers to internal print-servers and creates VPN
connections to externally hosted web-servers for administration.

I haven't seen anything in FW1 like the TIS Firewall Toolkit SMTP-gateway as
a secure frontend for mail servers, the POP-gateway as a secure frontend for
POP-servers or the SuSE FTP-proxy that allows incoming FTP connections to
a masqueraded computer (preferably in a demilitarised zone).

All-in-all, I'm in favour of a Linux firewall as I earn more in consultancy
fees :-) and still provide the customer with a cheaper and more flexible
solution than one using FW1.

  /TRY
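
The POP gateway described in the post above (only the basic commands allowed, line lengths verified) could screen client lines roughly as follows. This is an added example, not the poster's code; the 255-byte cap, the command table and the function names are assumptions.

```python
import re

MAX_LINE = 255  # assumed cap on one command line, CRLF included
# verb -> (min_args, max_args); only the basic commands are let through
ALLOWED = {
    b"USER": (1, 1), b"PASS": (1, 1), b"STAT": (0, 0), b"LIST": (0, 1),
    b"RETR": (1, 1), b"DELE": (1, 1), b"NOOP": (0, 0), b"RSET": (0, 0),
    b"QUIT": (0, 0),
}
NUMERIC = {b"LIST", b"RETR", b"DELE"}  # arguments must be message numbers
# printable ASCII tokens separated by single spaces, nothing else
PRINTABLE = re.compile(rb"[\x21-\x7e]+( [\x21-\x7e]+)*")

def check_command(line: bytes):
    """Return (True, line_to_forward) or (False, error_reply) for one client line."""
    if len(line) > MAX_LINE or not line.endswith(b"\r\n"):
        return False, b"-ERR line too long or unterminated\r\n"
    body = line[:-2]
    if not PRINTABLE.fullmatch(body):
        return False, b"-ERR illegal characters\r\n"
    verb, _, rest = body.partition(b" ")
    verb = verb.upper()
    if verb not in ALLOWED:
        return False, b"-ERR command not permitted\r\n"
    # a password may contain spaces, so PASS keeps its remainder as one argument
    args = [rest] if verb == b"PASS" and rest else rest.split()
    lo, hi = ALLOWED[verb]
    if not lo <= len(args) <= hi:
        return False, b"-ERR wrong number of arguments\r\n"
    if verb in NUMERIC and not all(a.isdigit() and len(a) <= 10 for a in args):
        return False, b"-ERR message number expected\r\n"
    # forward a rebuilt line, never the client's raw bytes
    return True, b" ".join([verb] + args) + b"\r\n"

def take_line(buffer: bytearray):
    """Pull one CRLF-terminated line out of the receive buffer.

    Returns None when more data is needed and raises once MAX_LINE bytes have
    arrived without a terminator, so the gateway never buffers without bound.
    """
    end = buffer.find(b"\r\n")
    if end == -1:
        if len(buffer) >= MAX_LINE:
            raise ValueError("line exceeds MAX_LINE")
        return None
    line = bytes(buffer[:end + 2])
    del buffer[:end + 2]
    return line
```

Only the rebuilt line returned by `check_command` is passed to the inner POP server; a rejected line gets the `-ERR` reply from the gateway itself.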

 
 
 


Post by John Hasle » Wed, 14 Mar 2001 01:26:05


Stearns28 writes:
> How does IPCHAINS stack up against its counterparts in the Windows world
> like Checkpoint, *Wall and others?

Linux firewalling is an integral part of the kernel, not a third-party
add-on.

> What features are found in commercial packages that IPCHAINS lacks?

Backdoors.

> Also, is a hardware firewall better than a software firewall?

There is no such thing as a hardware firewall.
--
John Hasler

Dancing Horse Hill
Elmwood, Wisconsin
 
 
 


Post by Vilmos Sot » Wed, 14 Mar 2001 02:35:48



> We are planning to set up a firewall for our network of about 50+ Win 9x
> stations, a couple of NT servers and a dozen RH Linux servers (database,
> email, web, ftp, etc.)

> Since the firewall will be on a server by itself, it can be Windows or
> Linux. How does IPCHAINS stack up against its counterparts in the Windows
> world like Checkpoint, *Wall and others? What features are found in
> commercial packages that IPCHAINS lacks?

Also take a look at the OpenBSD/ipf combo. They do an awesome packet filter
machine, too.

http://www.veryComputer.com/
http://www.veryComputer.com/~avalon
http://www.veryComputer.com/

Vilmos

 
 
 
