[Gutl-l] Comparativa de Firewalls

Fri, 09 Sep 2011 17:47:19 -0700 


 Comparison of firewalls


   [edit
   
<mailto:g...@dameweb.info?subject=http://en.wikipedia.org/w/index.php?title=Comparison_of_firewalls%26amp;action=edit%26amp;section=1>]
   Firewall software
Main article: Personal firewall <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Personal_firewall>
Generally, all firewalls are software-based, and there is no such thing as a purely hardware-only firewall. Embedded firewalls are simply very limited-capability programs running on a low-power CPU, and this software can be upgraded or replaced if someone has sufficient skill and resources to do so. (See OpenWRT <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/OpenWRT>)
Firewall License <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Software_license> Cost / usage limits OS <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Operating_system> Cisco IOS <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Cisco_IOS> Proprietary <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Proprietary> Included on all Cisco 
switches and routers    Proprietary, runs only
on Cisco hardware
Comodo Internet
Security <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Comodo_Internet_Security> Freeware <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Freeware> ? Windows <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Microsoft_Windows> Core Force Apache License <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Apache_License> Open Source <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Open_Source> Free Windows <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Microsoft_Windows> Endian Firewall <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Endian_Firewall> GPL <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/GPL> Open Source <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Open_Source> Free Linux <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Linux>-based appliance GhostWall <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/w/index.php?title=GhostWall%26amp;action=edit%26amp;redlink=1> Freeware <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Freeware> Free Windows <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Microsoft_Windows> IPFilter <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/IPFilter> restrictive BSD license <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/BSD_license> Open Source <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Open_Source> Free *BSD <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Berkeley_Software_Distribution>, Solaris <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Solaris_%28operating_system%29> kernel module ipfirewall <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Ipfirewall> BSD license <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/BSD_license> Open Source <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Open_Source> Free *BSD <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Berkeley_Software_Distribution> package 
Kaspersky
Internet Security <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Kaspersky_Internet_Security> Proprietary <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Proprietary_software> ? Windows <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Microsoft_Windows> x32/x64 
Lavasoft
Personal Firewall <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Lavasoft_Personal_Firewall> Proprietary <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Proprietary_software> ? Windows <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Microsoft_Windows> x32/x64 
Microsoft
Forefront Threat
Management
Gateway <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Microsoft_Forefront_Threat_Management_Gateway> Proprietary <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Proprietary_software> ? Windows <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Microsoft_Windows> x32/x64 Monowall <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Monowall> BSD license <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/BSD_license> Open Source <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Open_Source> Free FreeBSD-based appliance Netfilter/iptables <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Netfilter/iptables> GPL <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/GPL> Open Source <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Open_Source> Free Linux <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Linux> kernel module Norton 360 <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Norton_360> Proprietary <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Proprietary_software> ? Windows <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Microsoft_Windows> x32/x64 
Online Armor
Personal Firewall <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Online_Armor_Personal_Firewall> Freeware <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Freeware>/Proprietary <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Proprietary_software> ? Windows <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Microsoft_Windows> x32/x64 
Outpost
Firewall Pro <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Outpost_Firewall_Pro> Proprietary <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Proprietary_software> ? Windows <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Microsoft_Windows> x32/x64 
PC Tools
Firewall Plus <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/PC_Tools_Firewall_Plus> Freeware <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Freeware> ? Windows <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Microsoft_Windows> x32/x64 PF <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/PF_%28firewall%29> BSD license <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/BSD_license> Open Source <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Open_Source> Free *BSD <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Berkeley_Software_Distribution> kernel module pfsense <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Pfsense> BSD license <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/BSD_license> Open Source <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Open_Source> Free FreeBSD/NanoBSD-based appliance PrivateFirewall <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/w/index.php?title=PrivateFirewall%26amp;action=edit%26amp;redlink=1> Freeware <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Freeware> ? Windows <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Microsoft_Windows> x32/x64 Smoothwall <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Smoothwall> GPL Open Source <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Open_Source> Free Linux-based appliance 
Sunbelt
Personal Firewall <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Sunbelt_Personal_Firewall> Proprietary <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Proprietary_software> ? Windows <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Microsoft_Windows> x32 
Sygate
Personal Firewall <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Sygate_Personal_Firewall> Freeware <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Freeware> ? Windows <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Microsoft_Windows> x32 
Vista Firewall
Control <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/w/index.php?title=Vista_Firewall_Control%26amp;action=edit%26amp;redlink=1> Freeware <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Freeware>/Proprietary <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Proprietary_software> ? Windows <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Microsoft_Windows> x32/x64 Vyatta <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Vyatta> GPL <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/GPL> Open Source <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Open_Source> ? Linux <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Linux>-based appliance Windows Firewall <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Windows_Firewall> Proprietary <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Proprietary_software> Included free as part of operating system Windows <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Microsoft_Windows> x32/x64 WinGate <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/WinGate> Proprietary <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Proprietary_software> ? Windows <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Microsoft_Windows> x32/x64 ZoneAlarm <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/ZoneAlarm> Freeware <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Freeware>/Proprietary <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Proprietary_software> ? Windows <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Microsoft_Windows> x32/x64 


   [edit
   
<mailto:g...@dameweb.info?subject=http://en.wikipedia.org/w/index.php?title=Comparison_of_firewalls%26amp;action=edit%26amp;section=2>]
   Firewall rule-set basic filtering features comparison
Can Target: Changing default policy to accept/reject (by issuing a single rule) IP destination address(es) IP source address(es) TCP/UDP destination port(s) TCP/UDP source port(s) Ethernet MAC destination address Ethernet MAC source address Inbound firewall (ingress) Outbound firewall (egress) Check Point VPN-1 <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/VPN-1_Edge> Yes Yes Yes Yes Yes Yes Yes Yes Yes 
Cisco Access List       Yes     Yes     Yes     Yes     Yes     Yes     Yes     
Yes     Yes
Clavister <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/w/index.php?title=Clavister%26amp;action=edit%26amp;redlink=1> Yes Yes Yes Yes Yes Yes Yes Yes Yes Endian Firewall <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Endian_Firewall> Yes Yes Yes Yes Yes Yes Yes Yes Yes 
IPFilter        Yes     Yes     Yes     Yes     Yes     Yes     Yes     Yes     
Yes
Juniper Networks        Yes     Yes     Yes     Yes     Yes     Yes     Yes     
Yes     Yes
Linux iptables <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Netfilter/iptables> Yes Yes Yes Yes Yes Yes Yes Yes Yes NAI Gauntlet <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/w/index.php?title=Gauntlet_%28firewall%29%26amp;action=edit%26amp;redlink=1> Yes Yes Yes Yes Yes Yes Yes Yes Yes OpenBSD PF <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/PF_%28firewall%29> Yes Yes Yes Yes Yes Yes Yes Yes Yes 
Sidewinder G2   Yes     Yes     Yes     Yes     Yes     Yes     Yes     Yes     
Yes
Soft in Engines BMF     Yes     Yes     Yes     Yes     Yes     Yes     Yes     
Yes     Yes
SonicWALL       Yes     Yes     Yes     Yes     Yes     Yes     Yes     Yes     
Yes
Trend Micro Internet Security <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Trend_Micro_Internet_Security> Yes Yes Yes Yes Yes No No Yes Yes Vyatta <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Vyatta> Yes Yes Yes Yes Yes Yes Yes Yes Yes Windows XP Firewall <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Windows_Firewall#Windows_XP> No No Yes Partial No No No Yes No Windows Vista Firewall <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Windows_Firewall#Windows_Vista> Yes Yes Yes Yes Yes No No Yes Yes 
Windows 7 /
Windows 2008 R2
Firewall <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Windows_Firewall#Windows_7> Yes Yes Yes Yes Yes Yes Yes Yes Yes WinGate <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/WinGate> Yes Yes Yes Yes Yes Yes Yes Yes Yes Zentyal <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Zentyal> Yes Yes Yes Yes Yes Yes Yes Yes Yes Zorp <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Zorp_firewall> Yes Yes Yes Yes Yes Yes Yes Yes Yes 

   * Windows XP Firewall can target only single destination TCP/UDP
     port per rule, not port ranges, therefore support is partial.


   [edit
   
<mailto:g...@dameweb.info?subject=http://en.wikipedia.org/w/index.php?title=Comparison_of_firewalls%26amp;action=edit%26amp;section=3>]
   Firewall rule-set advanced features comparison
Can: work at OSI Layer 4 (stateful firewall) work at OSI Layer 7 (application inspection) Change TTL? (Transparent to traceroute) Configure REJECT-with answer DMZ (de-militarized zone) - allows for single/several hosts not to be firewalled. Filter according to time of day Redirect TCP/UDP ports (port forwarding) Redirect IP addresses (forwarding) Filter according to User Authorization Traffic rate-limit / QoS Tarpit Log Juniper Networks Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Check Point VPN-1 Yes Yes Yes Yes(With Web Intelligence) Yes Yes Yes Yes Yes Yes Yes Yes Cisco Access List Yes (with CBAC <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/CBAC>) Partial (with CBAC <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/CBAC>) No No Yes Yes Yes Yes (with static routes) Yes (with dynamic ACLs) Yes (with queueing) No Yes Clavister <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/w/index.php?title=Clavister%26amp;action=edit%26amp;redlink=1> Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes IPFilter Yes Partial (selected protocols only) Yes Yes Yes Yes Yes Yes No Yes Yes Yes Linux iptables Yes Yes (with patch) Yes Yes Yes Yes (with 3rd party tools) Yes Yes Yes (with NuFW) Yes Yes (with Patch-o-matic module) Yes IPFW2 Yes Partial (with divert) Yes Yes Yes Partial (with patch) Yes Yes ? Yes Yes Yes OpenBSD pf Yes Partial (selected protocols only) Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Sidewinder <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Secure_Computing> Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Soft in Engines BMF Yes Partial (selected protocols only) No Yes Yes Yes Yes Yes Yes (with MS Active Directory) Yes No Yes Vyatta <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Vyatta> Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Windows 7 (and Windows 2008 R2) Firewall Yes Yes No No No Yes **(with 3rd party tools) Yes Yes Yes Yes**** No Yes Windows Vista Firewall Yes Yes No No No Yes* Yes Yes Yes Yes**** No Yes Windows XP Firewall Yes Yes No No No Yes* Yes Yes Yes Yes**** No Yes WinGate <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/WinGate> Yes Yes Yes No Yes Yes Yes No Yes Yes No Yes Zentyal <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Zentyal> Yes Yes No No Yes No Yes Yes No Yes No Yes 

   * NOTE: Because Linux Iptables is text-based firewall, you can
     "Filter according to time of day" by using additional 3rd party
     tools, like expect automation tool and cron jobs.
   * Windows firewall may be scripted with scheduled tasks.
   * Configured by system policy


   [edit
   
<mailto:g...@dameweb.info?subject=http://en.wikipedia.org/w/index.php?title=Comparison_of_firewalls%26amp;action=edit%26amp;section=4>]
   Firewall Management features comparison
Features: Configuration: GUI, text or both modes? Remote Access: Web (HTTP), Telnet, SSH, RDP, Serial COM RS232, ... Change rules without requiring restart? Ability to centrally manage all firewalls together Juniper Networks both proprietary GUI, SSH, Web (HTTP/HTTPS),Telnet, nsm, RS232 Yes Yes 
Check Point VPN-1       both    proprietary GUI, SSH, Web (HTTP/HTTPS)  Yes     
Yes
Cisco IOS both Telnet, SSH, Web(Java App "PDM" or the newer "ASDM"), RS232 Yes Partial Clavister <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/w/index.php?title=Clavister%26amp;action=edit%26amp;redlink=1> both proprietary GUI, SSH, Web (HTTP/HTTPS),Telnet, nsm, RS232 Yes Yes IPFilter both Telnet, SSH, Web (webmin), X/Win32 GUI "fwbuilder", RS232 Yes Yes Linux iptables both Telnet, SSH, Web (webmin), X/Win32 GUI "fwbuilder", RS232 Yes Yes IPFW2 both Telnet, SSH, Web (webmin), X GUI "qtfw", Mac GUI "WaterRoof", RS232 Yes Yes OpenBSD pf both Telnet, SSH, Web (webmin), X/Win32 GUI "fwbuilder", RS232 Yes Yes Vyatta <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Vyatta> both Telnet, SSH, Web GUI, RS232 Yes Yes Windows 7 (and Windows 2008 R2) Firewall both RDP, telnet, Group Policy <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Group_Policy>, MMC <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Microsoft_Management_Console> Yes Yes Windows Vista Firewall both RDP, telnet, Group Policy <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Group_Policy>, MMC <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Microsoft_Management_Console> Yes Yes Windows XP Firewall both RDP, telnet, Group Policy <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Group_Policy> No Yes(with AD and GPO) WinGate <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/WinGate> GUI Proprietary user interface Yes N/A Endian Firewall <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Endian_Firewall> both Telnet, SSH, Web GUI, Yes Yes ClearOS <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/ClearOS> both RS232, SSH, WebConfig <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/WebConfig>, Yes Yes with ClearSDN Zentyal <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Zentyal> GUI SSH, Web (HTTPS) Yes Yes with Zentyal Cloud 

   * NOTE: Because Linux Iptables and Cisco ACL are text-based
     firewalls, you can centrally manage them all-at-once by using
     additional tools, like KDE Konsole or expect automation tool.

   * NOTE: Due to the distributed nature of the Checkpoint
     architecture, no single interface is used exclusively. Security,
     NAT and VPN configuration is always done using the proprietary
     GUI, however basic IP networking and routing configuration of
     individual firewalls could be done using SSH or the Web interface.


   [edit
   
<mailto:g...@dameweb.info?subject=http://en.wikipedia.org/w/index.php?title=Comparison_of_firewalls%26amp;action=edit%26amp;section=5>]
   Firewall's other features comparison
Features: Modularity: supports third-party modules to extend functionality? IPS : Intrusion prevention system <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Intrusion_prevention_system> Open-Source License? supports IPv6 ? Class: Home / Professional Operating Systems on which it runs? 
Juniper Networks        Yes     Yes     No      Yes     Professional    Juniper 
Networks (JunOS)
Check Point VPN-1 Yes Yes No Yes Professional Solaris, Linux (SPLAT or RHEL), Nokia IPSO, Crossbeam,Windows NT, 2000, 2003 
Cisco IOS       No      Yes     No      Yes     Professional    Cisco IOS
Clavister <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/w/index.php?title=Clavister%26amp;action=edit%26amp;redlink=1> Yes Yes No Yes Professional CorePlus IPFilter Yes Yes, with Snort Inline, Ossec Yes Yes Both Solaris, IRIX, HP-UX, NetBSD and FreeBSD. Available but deprecated on Linux. Linux iptables Yes Yes, with Snort Inline, Ossec Yes Yes Both Linux 2.4+ OpenBSD pf Yes Yes, with Snort Inline, Ossec Yes Yes Both OpenBSD <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/OpenBSD>, FreeBSD <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/FreeBSD> 6.0+, NetBSD <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/NetBSD> 3.0+ 
Outpost Firewall Pro    No      Yes     No      Yes     Professional    Windows
Vyatta <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Vyatta> Yes Yes Yes Yes Professional Vyatta OS (built on Debian) 
Windows 7 (and Windows 2008 R2) Firewall        Yes     No      No      Yes     
Both    Windows 7
Windows Server 2008 R2
Windows Vista Firewall  Yes     No      No      Yes     Both    Windows Vista
Windows Server 2008
Windows XP Firewall     No      No      No      No      Home    Windows XP
Windows Server 2003
WinGate <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/WinGate> Yes /*?*/ No No Professional Windows 2000, Windows XP, Windows 2003, Windows Vista, Windows 2008. 32bit and 64bit. Endian Firewall <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Endian_Firewall> Yes Yes, with Snort Inline Yes Yes Both Endian OS (Based on Red Hat Enterprise Linux) Zentyal <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Zentyal> Yes /*?*/ Yes No Both Ubuntu Server 

   * NOTE: Checkpoint support a limited range of third-party modules
     from certified partners. Modules are integrated with Checkpoint
     firewalls through a platform named OPSEC
     <mailto:g...@dameweb.info?subject=http://www.opsec.com>

   * NOTE: WinGate 6.x supports 3rd party modules for data scanning
     only (e.g. antivirus and content filtering).


   [edit
   
<mailto:g...@dameweb.info?subject=http://en.wikipedia.org/w/index.php?title=Comparison_of_firewalls%26amp;action=edit%26amp;section=6>]
   Non-Firewall extra features comparison
Those features are not strictly firewall features, but are sometimes bundled with firewall software, or exist on the platform.
NOTE: Features will be marked as "yes", even if it's separate module that comes with the platform, on which firewall sits.
IDS: real-time firewall that logs/sniffs/blocks suspicious connections, that are not part of rule-set. 

VPN (Virtual Private Network) Types are: PPTP, L2TP, MPLS, IPsec, SSL/SSH.
Profile selection: The user is enable to switch fast between firewall settings for at work, home or in public places.
Can: NAT (static, dynamic w/o ports, PAT) IDS (Intrusion Detection System) VPN (Virtual Private Network) AV (Anti-Virus) Sniffer Profile selection Juniper Networks IOS Yes (supports three NAT types) Yes Yes Yes Yes (supports wireshark, tcpdump, IOS version) /*?*/ Check Point Yes (supports four NAT types) Yes Yes Yes Yes (with wireshark, tcpdump or FW-1 kernel inside dump "fw monitor" a powerful tool to determine many aspects of the connection before and after packet enters/leaves OS routing system /*?*/ Cisco IOS Yes (supports three NAT types) Yes Yes (some IOS versions) No Yes (some IOS versions) /*?*/ Clavister <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/w/index.php?title=Clavister%26amp;action=edit%26amp;redlink=1> Yes (supports three NAT types) Yes Yes Yes Yes (supports Clavister Real-Time Log/Monitor and PCAP/Wireshark) /*?*/ IPFilter Yes (supports three NAT types) Yes (with Prelude-IDS or Snort) Yes (Native on Solaris, HP-UX. With third-party software on IRIX, BSD, Linux.) Yes (with clamav) Yes (with wireshark or tcpdump) /*?*/ Linux OS Yes (supports three NAT types) Yes (with Prelude-IDS or Snort) Yes (with openVPN <mailto:g...@dameweb.info?subject=http://www.openvpn.net/>) Yes (with clamav) Yes (with wireshark or tcpdump) /*?*/ OpenBSD pf Yes (supports three NAT types) Yes (with Prelude-IDS or Snort) Yes Yes (with clamav) Yes (with wireshark or tcpdump. "log" option logs in pcap format) /*?*/ Vyatta <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Vyatta> Yes (supports three NAT types) Yes (integrated Snort) Yes (IPsec and OpenVPN) No Yes (with wireshark or tcpdump) /*?*/ Windows 7 (and Windows 2008 R2) Partial (PAT, with Internet Connection Sharing) Yes (with SPECTER) Yes Yes (McAfee, Symantec, etc.) Yes (with wireshark) Yes (public, private, home) Windows Vista Partial (PAT, with Internet Connection Sharing) Yes (with SPECTER) Partial (Limited to 1 client) Yes (McAfee, Symantec, etc.) Yes (with wireshark) Yes (public, private) Windows XP Partial (PAT, with Internet Connection Sharing) Yes (with SPECTER) Partial (Limited to 1 client) Yes (McAfee, Symantec, etc.) Yes (with wireshark) No WinGate <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/WinGate> Yes Yes (with NetPatrol) Yes (proprietary) Yes (Kaspersky Labs) Yes (filtered capturing to pcap format) No Endian Firewall <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Endian_Firewall> Yes (supports three NAT types) Yes (with integrated Snort) Yes (IPsec and openVPN <mailto:g...@dameweb.info?subject=http://www.openvpn.net/>) Yes (with clamav,Sophos Antivirus (optional) ) Yes (with wireshark or tcpdump) N/A Zentyal <mailto:g...@dameweb.info?subject=http://en.wikipedia.org/wiki/Zentyal> Partial (static, PAT) Yes Yes Yes Yes (with wireshark or tcpdump) N/A 



--
=======================================
  Jenny Cabrera Varona
  Administrador de Red
  [Nodo Geominera Camagüey]
  OS: [GNU/Linux]&[BSD/UNIX]
  Teléfono: (53) (32) 27-21-08
  JID: jcvgnu...@jb.gmcmg.gms.minbas.cu
  E-Mail: jcvgnu...@gmcmg.gms.minbas.cu
========================================
              ,        ,
             /(        )`
             \ \___   / |
             /- _  `-/  '
            (/\/ \ \   /\
            / /   | `    \
            O O   ) /    |
            `-^--'`<      '
           (_.)  _  )   /
            `.___/`    /
              `-----' /
 <----.     __ / __   \
 <----|====O)))==) \) /====
 <----'    `--' `.__,' \
              |        |
               \       /       /\
          ______( (_  / \______/
        ,'  ,-----'   |
        `--{__________)

      ______
     |  ____| __ ___  ___
     | |__ | '__/ _ \/ _ \
     |  __|| | |  __/  __/
     | |   | | |    |    |
     |_|   |_|  \___|\___|
     ____   _____ _____
     |  _ \ / ____|  __ \
     | |_) | (___ | |  | |
     |  _<  \___ \| |  | |
     | |_) |____) | |__| |
     |     |      |      |
     |____/|_____/|_____/



--
Este mensaje ha sido analizado por MailScanner del Nodo Geominera Camaguey
en busca de virus y otros contenidos peligrosos y se considera que está limpio.

------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: 
<http://listas.jovenclub.cu/pipermail/gutl-l/attachments/20110909/af3633d5/attachment.htm>
______________________________________________________________________
Lista de correos del Grupo de Usuarios de Tecnologías Libres de Cuba.
Gutl-l@jovenclub.cu
https://listas.jovenclub.cu/cgi-bin/mailman/listinfo/gutl-l

Responder a