I've worked with all different kinds of Firewalls - Raptor Eagle (now
Symantec), ipfilter/iptables/ipchains/pf etc., Watchguard, Checkpoint,
PIX/ASA among them. One thing that I have learned: The most important
feature of a firewall is not its filtering ability - every single
firewall nowadays can filter based on whatever state/content/fancy
feature you name. It's the logging that makes the difference. If your
firewall log sucks - or better - if the Firewall Log Display sucks, you
won't read logs. And that's bad.
This may seem like a minor point for Linux/BSD people used to reading all
kinds of cryptic log formats - for Firewall Administrators in large
companies it is a major issue. I personally like the Checkpoint
Logviewer (they call it 'tracker') most of all. YMMV.
Rolf Sommerhalder wrote:
Chris Gravell wrote:
Sounds like a lot of hard work, Rolf!
Yes, but it's fun as well, as you can really learn and understand how
the stuff really works. Support provided by developers and the community
over mailing lists is quite amazing.
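The first paragraph's point about log readability, shown with an added example that is not part of this thread: a small Python script that turns raw iptables/netfilter LOG lines from syslog into one readable row per packet and tallies dropped destination ports. The log lines are constructed samples, and the `FW-DROP`/`FW-ACCEPT` prefixes are assumed `--log-prefix` values from a hypothetical rule set; the parser only relies on the real `KEY=value` layout the netfilter LOG target emits.

```python
import re
from collections import Counter

# Constructed sample syslog lines in netfilter LOG format (not from the thread).
# The prefixes "FW-DROP: " / "FW-ACCEPT: " are assumed --log-prefix values.
SAMPLE_LOG = """\
Mar  3 10:15:01 fw kernel: [ 1201.123456] FW-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:02 fw kernel: [ 1202.001122] FW-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4712 DF PROTO=TCP SPT=40113 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:05 fw kernel: [ 1205.445566] FW-ACCEPT: IN=eth1 OUT=eth0 SRC=192.0.2.55 DST=198.51.100.7 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=100 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Mar  3 10:15:09 fw kernel: [ 1209.778899] FW-DROP: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=0 PROTO=UDP SPT=53 DPT=1900 LEN=20
Mar  3 10:15:10 fw sshd[2211]: Accepted publickey for admin from 192.0.2.55 port 51000 ssh2
"""

# syslog timestamp, host, "kernel:", optional printk time, free-text prefix, then IN=... fields
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) kernel: "
    r"(?:\[\s*\d+\.\d+\] )?(?P<prefix>.*?)(?P<fields>IN=.*)$"
)
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_log_line(line):
    """Return a dict of the netfilter fields in one syslog line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "prefix": m["prefix"].strip().rstrip(":")}
    flags = []
    for tok in m["fields"].split():
        if "=" in tok:                 # KEY=value pair (value may be empty, e.g. OUT=)
            key, val = tok.split("=", 1)
            rec[key] = val
        else:                          # bare flags such as DF, SYN, ACK
            flags.append(tok)
    rec["flags"] = flags
    return rec


def describe(rec):
    """One human-readable row: time, rule prefix, proto, src -> dst, interfaces, TCP flags."""
    proto = rec.get("PROTO", "?")
    src, dst = rec.get("SRC", "?"), rec.get("DST", "?")
    if proto in ("TCP", "UDP"):
        src += ":" + rec.get("SPT", "?")
        dst += ":" + rec.get("DPT", "?")
    elif proto == "ICMP":
        dst += " type=" + rec.get("TYPE", "?")
    iface = f"{rec.get('IN') or '-'}->{rec.get('OUT') or '-'}"
    tcp = " ".join(f for f in rec["flags"] if f in TCP_FLAGS)
    return f"{rec['ts']} {rec['prefix']:<10} {proto:<4} {src:<21} -> {dst:<21} {iface:<12} {tcp}".rstrip()


def summarize(log_text):
    """Rows for every netfilter line plus counts per rule prefix and per dropped (proto, dport)."""
    rows, by_prefix, dropped_ports = [], Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec is None:
            continue                   # non-firewall syslog line (sshd etc.), skipped here
        rows.append(describe(rec))
        by_prefix[rec["prefix"]] += 1
        if rec["prefix"].endswith("DROP") and "DPT" in rec:
            dropped_ports[(rec.get("PROTO", "?"), rec["DPT"])] += 1
    return rows, by_prefix, dropped_ports


if __name__ == "__main__":
    rows, by_prefix, dropped_ports = summarize(SAMPLE_LOG)
    print("\n".join(rows))
    print("\nper rule prefix:", dict(by_prefix))
    print("dropped destination ports:", dropped_ports.most_common(5))
```

The same raw lines that are hard to scan in `/var/log/messages` become a fixed-width table, and the counters give the "what is being dropped most" view that a decent log viewer shows by default; lines that are not netfilter output are skipped rather than mis-parsed.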