> > This is very good publicity for firewall vendors not in the list who
> > provide a default "DENY ALL" in policy configuration. I'll enjoy
> > tormenting friends at these companies over this:-)

> I guess that's one way to look at it. I'd like to think that folks at
> those companies will be cringing

For the record, I did mention this to one of the companies listed and
they are mortified.

> real world as defined by Gartner.

strip the adjective

> Well, the company at which I did my first firewall install replaced
> the whole shebang within a year of my leaving, claiming that my
> rock-solid Sidewinder infrastructure was too hard to manage

This could begin a new thread entirely: change introduced under the
guise of "complexity" when it really is "we downsized our expertise
and can't do what we did before".

> I have seen several organizations replace firewall or VPN
> architectures, and almost never for a technical reason - almost always
> for political or financial ones.

I've seen SSL VPNs replace IPsec RA VPNs, but the firewall remains
and continues to terminate site-to-site IPsec.

