Yes, Checkpoint DOES exist for Linux, but it's a little unstable atm. IMHO, if you are running a network of a size that requires Checkpoint or Gauntlet, then the underlying OS is irrelevant.

<rant>

My argument is that you should treat your firewall the same as your routers. You don't run Windows OR Linux on your routers (don't bother mentioning LRP, I know it exists, but face it, it's not used by BIG organisations) and therefore you shouldn't bias yourself for your firewalls either. If you are going to run a commercial firewall, with high throughput, then pick the one you (or your techs) are trained on, and know how to work efficiently, and ask the vendor (and associated mailing lists) which of the supported OS's is the fastest/most reliable, and buy that.

I see too many companies in the course of my day job (as a security auditor/consultant) who have an NT only policy, so they run Gauntlet for NT (which is atrocious) or FW-1 for NT (which is only marginally better) instead of the much better option of them on Solaris or HP-UX/BSD.

Once again, if you are pumping enough data and have a complex enough network that you require FW-1 or Gauntlet, you should be running a failover system like stonebeat between a couple of quad processor sparcs, probably with two or 3 quad ethernet cards in them. When you build a system like this, you use the best tools for the job, not "Linux cause I'm a linux nut" or "Windows cause I'm a MS Monkey". Reality is that Linux doesn't (yet) scale anywhere near as well as Solaris or any of the other commercial "big" unicies. NT isn't even in the picture....

By all means, if you run a small network, ie, less than 10-15 live servers, run linux, with something like TIS Firewall Toolkit (http://www.tis.com) or Juniper Firewall Toolkit from http://www.obtuse.com/ (which was just open-sourced btw), but remember that these are NOT as full featured and will not scale as well as the commercial ones.

Linux and open-source is getting there, but a firewall is a VERY specialised thing, and if you have not seen a "real" firewall and are under the misapprehension that they are similar to what http://www.linuxdoc.org/HOWTO/Firewall-HOWTO-3.html tells you to build you would be ... a little from the truth.

Don't get me wrong, I think Linux is a GREAT OS, but if you want a big firewall, you are going to run it on a sparc or a dedicated box like a PIX. In either of those cases, why the hell would you want to put Linux on them? Remember you do not EVER use a firewall as a client... So all the niceness of linux is not important. It's simply how many packets can we inspect/drop/reject/decrypt/rewrite/NAT without crashing/being compromised.

</rant>

bah... obviously the last 8 hours I spent arguing with a mixed Linux/Mac/Windoze network put me in a bad mood...

-Nix

At 01:20 PM 8/12/2000 -0500, you wrote:
Hi Roman!
do you mean a commercial firewall solution? if so, you might have a look at phoenix:
http://www.progressive-systems.com/
-- michael
Roman Ernst wrote on Friday, 08 December 2000:
Does there already exist a solution like Checkpoint for Linux (stonebeat, failover, nice editing of rules,.......)
Or is somebody working on such a solution???
Roman Ernst
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com