follow-up to firewall survey

A formal evaluation of firewalls is done by and we will only select top products meeting out network topology needs found under the firewall buyer's guide therein.

Reply to
Gregory W Zill
Loading thread data ...

First, thanks to those who responded to my firewall survey. Second, I'm really surprised at one of the answers I consistently received in light of the pressure I'm receiving... Only one person responded that they have any type of formal decision process for determining which firewall meets their needs. I'm receiving a lot of pressure to implement one, but the more I study firewalls, the less it seems possible. The responses I received on the survey seem to confirm that.

If there is anyone willing to discuss this in more depth with me, I would appreciate it.

Reply to

You might want to start by making and prioritizing a list of features. Make note of those that you absolutely have to have as well as features that would be nice to have but are optional if they increase the cost/benefit ratio. It helps to keep this list on hand when you discuss your needs with a sales engineer or other technical rep that's willing to discuss their products in detail. I've also found that some resellers are willing to let you evaluate products either by loaning you equipment to test in your own production or lab environment or by providing access to their own test lab. Is your survey online somewhere or was it just a request for comments by email? It must have been in an older post that I missed.


Reply to

Yes, I posted the original survey to this group - but I posted right before the holidays, so it could have easily been lost. Below is the original survey: 1. Does your institution/organization use a firewall at the enterpriselevel (institution-wide)?

  1. Do you use a commercial product or a self-built product?

  1. Is your firewall considered to be a hardware appliance or a software solution?

  2. Related to question 3, do you feel that one is better than the other? Why or why not?

  1. What factors are involved in your decision to choose a firewall?

  2. Do you have a formal management process for evaluating a firewall? If so, would you be willing to share it?

  1. Obviously, cost and personnel experience are major factors when choosing a firewall? Are there other factors that are just as important?

Based on the answers I received to the survey, and what I gathered from the internet, I felt the steps in making a firewall decision should be:

  1. design internal policies, if they don't already exist

  1. determine what functions are important to you

  2. decide what kind of traffic you're willing to let through

  1. determine how much it will cost

  2. determine who will maintain it

I've been told those aren't the proper steps for a decision process. Instead, the proper steps should be:

  1. internet search

  1. check for industry evaluations

  2. check with peers

  1. decide if you'll go the do-it-yourself route or if you'll outsource

5a. beta test, if you choose do-it-yourself

5b. outsource

I suppose some of what I orginally thought would fit into the new step 4. But I consider the first 3 steps to be trivial - I can't imagine making any decision without going through those 3 steps. However, I did notice in my search on the internet that most of the data available seems to be 2 to 3 years old - and I'm guessing the technology has changed drastically in that amount of time.

I'm wondering now what resources the experts are using to gather this information.

Reply to
DH Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.