Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (ASCEND) Anyone have secure access firewall?
According to Gil Kloepfer Jr.:
>
> Does anyone out there have Ascend's Secure Access Firewall product,
> and what are your opinions of it?
>
We're running SAF on our Pipeline 75...have been for just over 6 months now.
Its been working good.
> Specifically, what I'm looking for are *technical* opinions about the
> product (I will be using it on a Pipeline-50, with the switch):
>
> Does it enhance/hinder the router's performance at all?
>
Throughput with our 56K ISDN perm/switched service has been as good as
theoretical....so no complaints of having it. I do have FWTK running on
a host behind for some things, but most users on our network don't know
about it until they do something special.
> Have you found a way to perform configuration under UNIX,
> rather than with Ascend's Secure Access Manager?
>
I have a Win95 machine sitting next to me....which I had to have anyways,
because the electronic timesheet software only runs on Windows or Mac.
> Have you run into any problems such as exceeding the limits
> on the number of states (connections) the router can keep track
> of, or exceeding the amount of firewall information that can be
> stored in memory? (If so, would you provide specifics.)
>
Haven't encountered any limits that I'm aware of.
> Are there any services (like RealAudio or the like) that you want
> to be able to use, but now can't due to a firewall limitation?
>
Haven't had a need for RealAudio or the like, but there is an option in SAM
to enable RealAudio.
If you need other things, you can create "Custom IP Protocol" holes to allow
other things....I have rules for Compuserve, X FWTK-proxy with another site,
IRC, and a couple web sites that use nostandard ports.
> I intend to use the secure access firewall as a firewall for my
> Internet connection ("Perm/Switched" type of connection).
>
That's what we use ours for.....started out with Switched connection, but
later went to Perm/Switched. Adding FWTK came later mainly for its netacl
and using S/Key for logins.
> I have seriously considered purchasing this product, but am reluctant
> to do so until I have gotten some feedback from folks who have used
> it in a real-world environment on a Pipeline-50. My biggest complaint
> so far is that it's ONLY configurable through a MS-windows-based GUI
> tool. This also appears to be Ascend's direction in general, and I
> hope they don't forget about the large base of users out here that
> are still using UNIX in a command-line or configuration-file type mode.
> I won't be able to reconfigure the router *remotely* from Windows-95
> easily...
>
This would still be my biggest complaint, but it seems to be the trend
these days for firewall products (I found this with the other firewall
products that we were considering).
--
Lawrence Chen, P.Eng. "The Dreamer" VE6LKC/VE6PAQ
Computer/Research Engineer Email: lawrence@combdyn.com
Combustion Dynamics Ltd. Phone: +1 403 529 2162
#203, 132 4th Avenue S.E. Fax: +1 403 529 2516
Medicine Hat, AB T1A 8B5 URL: http://www.combdyn.com
"Just a Crazy Engineer with an Amiga and a Newton MP130" - The Dreamer
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.shore.net/~dreaming/ascend-faq>
or <ftp://ftp.shore.net/members/dreaming/ascend-faq.txt>
References: