"One Brand of Firewall"
Gartner sent me an ad for a quite disturbing report (www.gartner.com/imagesrv/media-products/pdf/fortinet/fortinet-1-3315BQ3.pdf) which advocates using «one firewall brand» to reduce complexity.
Sorry, guys, one brand of WHAT?
There is no such thing as a «general purpose firewall» that fits all. It is a mythical device (and this myth was supported by Gartner for years).
What you call «firewall» is actually one of three (or more) things:
1) A border/datacenter segmentation device. Think high throughput, ASICs, fault tolerance and basic IPS capabilities.
2) An «office» firewall. Think moderate throughput, egress filtering, in-depth protocol inspection, IAM integration and logging capabilities.
3) WAF. Enough said, a WAF is a completely different beast, having almost nothing in common with any of those.
Ah, and a VPN server. It is not a firewall (though it should have basic firewall capabilities). It does not fall into any of those categories.
Dear Gartner, have you ever tried to market a pipe-wrench-hair-dryer? You should, you have a talent for that.