[Shorewall-users] Shorewall Vs Other Firewall Products

Francesca C Smith sysadmin@ladylinux.com
Thu, 25 Jul 2002 09:25:29 -0400


Thank you very much for your kind words .. I am backed up as well as any
other consulting group ... And I am training the local staff on Shorewall
use et all ... I think one point is missing with the Big Vendors vs The Open
Source Camp. That is that Open Source People have a love for the intricacys
of the product while Big Vendors are more in line with Profit Margin. I do
for my customer with results and not pretty boxes and books. I ask what do
you need ?.. I find the right tool ... and I set it up ... (Yes I do get
paid for this of course) .. They say let me get you a quote for the product
and licenses and then we will find you a consultant.

Thank You,

Francesca C Smith
Lady Linux Internet Services
----- Original Message -----
From: "Thad Marsh" <thad@marshtek.com>
To: "Rob B" <rbyrnes@ozemail.com.au>; "Francesca C Smith"
Cc: <shorewall-users@shorewall.net>
Sent: Thursday, July 25, 2002 7:07 AM
Subject: RE: [Shorewall-users] Shorewall Vs Other Firewall Products

> While studies are great and will certainly simplify the argument for those
less familiar with the product, it is often sufficient to just suggest that
you look at feature set.  I often come across the cult-like following of
some products only to find out the "white paper warriors" have taken little
time considering the individual qualification of the product their
> I have not been a big fan of Linux in the past, but given the value and
the quality of development my mix of use has greatly changed.
> One consistent draw back in the open source land is the support and more
importantly the documentation.
> What your detractors may be saying is, look I have clear concise
documentation and 24-hour support does your product have this?
> In this case Tom does a pretty awesome job with support and documentation,
but to enterprises that may not be sufficient.  Now paid support is
available I'm sure!
> You also have to consider the chain of custody?
> While you might be here today you could be gone tomorrow, could your
client find the relevant support staff quickly and reasonable to come in and
support the product?
> You also bear responsibility to line up backup support here!
> Also they are making an assumption that just because it is a PIX,etc box
its installed properly.  How many studies have all of us read about the
number of improperly installed firewalls there are out there?  Knowing the
product and installing it properly is the key no matter which product you
are talking about!  I would not suggest attacking ones credentials only that
there are studies that improperly configured firewalls are out there and the
their product could be of the mix.
> I always hope that as a consultant the dialog is more of knowledge
exchanges, you know, hey take a look at this Shoreline config it does all
that this Cisco box does for a much greater value!  But unfortunately people
get very territorial, I guess that the fun of our job educating the cult!
> I realize that this by no means scientific, I just thought some of the
points might come in handy supporting Shorewall as the great product it is
until someone does a whit paper!  Sorry for the diatribe!
> -----Original Message-----
> From: Rob B [mailto:rbyrnes@ozemail.com.au]
> Sent: Thursday, July 25, 2002 2:04 AM
> To: Francesca C Smith
> Cc: shorewall-users@shorewall.net
> Subject: Re: [Shorewall-users] Shorewall Vs Other Firewall Products
> At 10:23 25/07/2002, Francesca C Smith sent this up the stick:
> >Hello,
> >
> >I use Shorewall at a clients site ... ( Its
> >Excellent and Works Fabulously ) ... But I get
> >all sorts of Buzz word stuff like Cisco Pix,Checkpoint and others from
> >management and salesmen coming into this site .. When I try and position
> >my solution (Shorewall,Squid,Snort and Red-Hat Linux) I get the that's an
> >inferior solution at protecting an enterprise. Do you know of a IP-Tables
> >Linux Vs These Products comparison link or two. Particular attention is
> >paid to stuff like VPN's and IPSEC by my customer... I know the above
> >products do a good job at insulating the complexity of setting these kind
> >of connections up ... But its funny "You Need Expensive Cisco
> >Or Etc trained consultants to do this". I know my customer is protected
> >perfectly and has a extremely cost effective and robust platform.
> >Its my opinion that Cisco Pix, Checkpoint et all are all proprietary
> >drains.
> Can't help with the link, but I'll put my couple of cents worth forward.
> I suppose it's like anything ... products have their market.  Some people
> are happy to pay Cisco/CheckPoint/Nokia or whoever for their support,
> others are happy to pay people such as yourself.  Some organisations also
> have strict auditing and/or certification of their products - AFAIK
> Linux/iptables has never been certified to any level of security that the
> big players have.
> People can claim that the Linux/iptables combination is inferior, but do
> these people have proof?  I doubt it.
> I think a lot of customers _are_ caught up in buzz-words, becuase that
> marketing throws at them.
> Cheers,
> Rob
> -- Buy Land Now.  It's Not Being Made Any More.
> This is random quote 301 of a collection of 1254
> [15200.8 km (8207.8 mi), 262.8 deg](Apparent) Rennerian
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@shorewall.net
> http://www.shorewall.net/mailman/listinfo/shorewall-users