>
> I can't comment on functionality comparisons with FW-1,
> since I am not familiar with it, but I have had very
> good experiences with http://sunsite.auc.dk/vpnd/.
>
> --izar
Hi !
I am familar with Checkpoint's FW-1 and I can asure you it's
far away from any open source/free solution I've seen so far.
BTW It's also far away from most of other commercial sollutions,
but it's other story.
Basiscally Checkpoint's VPN-1 and FW-1 did 3 different basic
things.
- VPN (Encryption)
- NAT (Network address translation )
- Firewalling (Statefull packets inspection).
There're rumors that in 2.4 kernel would be able to do statefull
inspection. Also those rumors say it's not fully functional now.
I've not seen NAT in Linux working as I expect from
my FW-1 installations experience. Portforwarding is just ok,
but in many cases you do want NAT. Maybe there are addons to
ipchains that implement that, I'm not aware of them at this
moment.
Encryption: FreeS/Wan as I know is best and most interoperable
VPN (IPSEC) solution for Linux and it's do it's work also it
have some stability problems. It's not too easy to configure
though. I'm even not talking about PKI-based solutions in Linux :-(
BTW: There is Checkpoint's FW-1 version for Linux and it works
just good in case you didn't know that :-))
Meir
P.S. I'm not marketing person (God forbid ) and I can imagine
many installations where ipchains/vpnd would do the work.
The fact that FW-1 have many nifty features is good, but check
if you need them :-)
Also feel free to correct me/inform about products I'm not aware.
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
