Solved

Firewall-1 - novice - Help Please...

Posted on 2001-06-14
7
173 Views
Last Modified: 2013-11-16
I have the dubious pleasure of trying to configure Checkpoint Firewall-1 on an AIX 4.3.1 box for the very first time.

I've discovered today that I cannot use the GUI as I will
need to puchase an additional license to use the X/motif client - which I'm not too happy about. I must be able to
configure from the command line...(?)

The documentation received with the media is not very helpful.

Can any kind soul out there please point me at any worthwhile books/websites which may help me in my quest.

Thanks in advance...
0
Comment
Question by:penguin1
  • 3
  • 3
7 Comments
 
LVL 11

Accepted Solution

by:
geoffryn earned 100 total points
ID: 6191557
Try www.phoneboy.com  It is a good resource for FW-1.
0
 
LVL 12

Expert Comment

by:Housenet
ID: 6193237
-A.I.X I can see but checkpoint was a bad idea..
-You just bought the thing correct ? Why not call the support line & explain the situation ?
0
 
LVL 5

Expert Comment

by:Droby10
ID: 6200360
housenet, just curious what your aversion to checkpoint is...?
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 12

Expert Comment

by:Housenet
ID: 6200517
-Droby10 to be truthfull I do not even have any personal experience with checkpoint. I have never heard anything but very bad things about it from many reliable sources...
-Crappy support, difficult to setup remote clients ..etc..
0
 
LVL 5

Expert Comment

by:Droby10
ID: 6200980
hmmm...we've deployed enterprise fw-1 setups in numerous sites, and have few problems (never on aix, though...sun, nokia, and nt).

clients...? (vpn/management stations)
the vpn clients are a little fickle and occasionally we've seen the stack corrupt in nt installations...but it's rare, and we don't do that many nt installs.

the difficulty with support is that in almost all instances, verisign/checkpoint will attempt to get security/firewall technicians on site to fix the problems...and out of the technicians i know and have worked with they feel that their job is not to reconfigure a policies (that's the companies' role) but to do more of the enterprise architecture and initial installation work.  almost all of the problems they find are with incorrectly configured policies (usually because of an exasterbated rule-base).

-just my 2 cents.
0
 
LVL 12

Expert Comment

by:Housenet
ID: 6202042
Droby, I value your opinion. Are you saying checkpoint is good ?
0
 
LVL 5

Expert Comment

by:Droby10
ID: 6202151
imo, from a security standpoint, there's nothing better...no software firewall has the level and depth of inspection that checkpoint provides, and at the speed in which checkpoint does it...

from a configuration and bell's and whistles standpoint, there's still nothing better...although sometimes those bells and whistles add to the complexity of the beast...the downfall for most has always been finding experienced fw admins and the pricey licensing...

in relation to guantlet, pix, and netscreen; guantlet is less intuitive to use, pix has proven itself to be less of firewall and more of a packet-filter, and it seems netscreen almost matches checkpoint in terms of security, but lacks the level of configuration/options that fw-1 offers.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
How important is it to take extra precautions to protect your online business? These are some steps you can take to make sure you're free of any cyber crime.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
I designed this idea while studying technology in the classroom.  This is a semester long project.  Students are asked to take photographs on a specific topic which they find meaningful, it can be a place or situation such as travel or homelessness.…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now