Astaro is not listed. Note that ICSA labs is moving to a new certification criteria, and Astaro would have to meet that if it is not already in the lab under the older criteria (all firewalls have to move rapidly to the new criteria anyway, it is just that new products start at the current criteria).
BTW, my daytime email address is rgm@icsalabs.com
It is just that I am a remote researcher for ICSAlabs, support some lab functions (IPsec, PKI, 802.11) and run my own home network, thus my use of Astaro (I have to pay for much of my home network).
[QUOTE]Originally posted by blue: ICSA is made from the industry itself an is only a simple funktional test.!?
it's comparable to ITsec E1 low [/QOUTE]
Not correct. It is made by ICSALabs with input and comments by the industry. It has thus allowed for stepwise improvements and gets the vendors actively involved in improving their products to meet obtainable goals. ICSAlabs is now on version 4 of the criteria, well establishing this interative approach.
checkpoint, cisco, evidian, cyberguard... have ITsec E3 whith is much harder to get.
One of the big differences between ITsec and CC compared to ICSA is that ICSA tests to 'shrink wrapped' criteria as to whether a product CAN provide protection. Also ICSA, for the length of the contract keeps the product up and running and tests against new threats and tests new versions.
ITsec and CC is a one-time test of a specific submitted version. Then this version is tested against a set of deployment criteria. I would point out that in E3 there is a scenario that if the firewall is 'captured' the configuration is zeroed out. Also that a firewall platform work in a particular physical environment. Not that this is bad, but many of the scenarios are not needed for commercial use.
Thus ICSALabs testing and ITsec/CC have significant overlab but do address different end points.
Also it is ICSALabs that has been at it longer and gotten these products up to the point where they are so they can really pass more involved tests [:)]
Bottom line, it is up to the vendors to understand their customers and what certification (if any) they feel they need to maintain sales against competitors. All of these certifications get products to really protect networks.
Now if we can only get people NOT to leave their firewall configs at default. Our surveys have shown that up to 80% or deployed firewalls are running at vendor defaults with vendor default admin passwords....
