  • Status: Solved
  • Priority: Medium
  • Security: Public

Firewall-1 - novice - Help Please...

I have the dubious pleasure of trying to configure Checkpoint Firewall-1 on an AIX 4.3.1 box for the very first time.

I've discovered today that I cannot use the GUI as I will need to purchase an additional license to use the X/motif client - which I'm not too happy about. I must be able to configure from the command line...(?)

The documentation received with the media is not very helpful.

Can any kind soul out there please point me at any worthwhile books/websites which may help me in my quest.

Thanks in advance...
Asked by: penguin1
1 Solution
 
geoffryn Commented:
Try www.phoneboy.com. It is a good resource for FW-1.
 
Housenet Commented:
-A.I.X I can see but checkpoint was a bad idea..
-You just bought the thing correct? Why not call the support line & explain the situation?
 
Droby10 Commented:
housenet, just curious what your aversion to checkpoint is...?
 
Housenet Commented:
-Droby10 to be truthful I do not even have any personal experience with checkpoint. I have never heard anything but very bad things about it from many reliable sources...
-Crappy support, difficult to set up remote clients ..etc..
 
Droby10 Commented:
hmmm...we've deployed enterprise fw-1 setups in numerous sites, and have few problems (never on aix, though...sun, nokia, and nt).

clients...? (vpn/management stations)
the vpn clients are a little fickle and occasionally we've seen the stack corrupt in nt installations...but it's rare, and we don't do that many nt installs.

the difficulty with support is that in almost all instances, verisign/checkpoint will attempt to get security/firewall technicians on site to fix the problems...and out of the technicians i know and have worked with they feel that their job is not to reconfigure policies (that's the companies' role) but to do more of the enterprise architecture and initial installation work.  almost all of the problems they find are with incorrectly configured policies (usually because of an exacerbated rule-base).

-just my 2 cents.
 
Housenet Commented:
Droby, I value your opinion. Are you saying checkpoint is good?
 
Droby10 Commented:
imo, from a security standpoint, there's nothing better...no software firewall has the level and depth of inspection that checkpoint provides, and at the speed in which checkpoint does it...

from a configuration and bells and whistles standpoint, there's still nothing better...although sometimes those bells and whistles add to the complexity of the beast...the downfall for most has always been finding experienced fw admins and the pricey licensing...

in relation to gauntlet, pix, and netscreen; gauntlet is less intuitive to use, pix has proven itself to be less of a firewall and more of a packet-filter, and it seems netscreen almost matches checkpoint in terms of security, but lacks the level of configuration/options that fw-1 offers.