Date:      Mon, 29 Oct 2001 23:26:29 -0600
From:      Dan Nelson <dnelson@allantgroup.com>
To:        Kelsey Cummings <kgc@sonic.net>
Cc:        Henrik Hudson <lists@rhavenn.net>, Julian Morgan <jmorganmcse@hotmail.com>, freebsd-questions@FreeBSD.ORG
Subject:   Re: watchguard firewalls
Message-ID:  <20011029232629.A31658@dan.emsphone.com>
In-Reply-To: <20011029174933.X42541@sonic.net>
References:  <F153ra5X5fN5y92LWJU00019517@hotmail.com> <200110310150.f9V1o4l31631@ashram.rhavenn.net> <20011029174933.X42541@sonic.net>

In the last episode (Oct 29), Kelsey Cummings said:
> On Mon, Oct 29, 2001 at 07:55:06PM -0600, Henrik Hudson wrote:
> > On Monday 29 October 2001 19:21, Julian Morgan wrote:
> > > Sorry - the question is not totally related to BSD - but they are
> > > trying to replace my 7 network BSD structure with these things -
> > > and have given me nearly no detail and I want to make sure it is
> > > a suitable product for VPN firewall capabilities

There's no need to replace anything, unless your 7 machines were all
firewalls (in which case replacing them with a single machine might be
a good idea).  The firebox is not a web, ftp, or email server.  It
filters and proxies services, but you still have to have a machine
behind it serving up content.

> > They run a Linux kernel in them and are stable if kept updated,
> > etc....my only real nitpick with them is that they can only log to
> > a NT machine running their logging agent which was a bit
> > annoying..I mean you're running a Linux kernel, I am sure they could
> > figure out some sort of syslog functionality, but I digress.

Recent versions of the firebox software can do syslog logging (this
feature is about 6 months old, I think).

> Just be warned that the Watchguard firewalls that I've seen can't do
> anything BUT proxy outbound connections which means that the source
> IP address of machines from inside get hidden.  Which is both good
> and really bad.

This has never been true; we are using ours in "drop-in" mode.  It only
NATs what you tell it to, and passes the rest through unchanged.

The only big drawback to the Firebox (and it's a big one) is you must
reboot to enable changes to your configuration, which basically means
no changes during business hours.

-- 
	Dan Nelson
	dnelson@allantgroup.com
