Firewall dilemma

This is getting interesting! There are old problems in the NIS IDS component, still unfixed (apparently) according to a current thread at DSLR security. (A bit surprising, since I would expect better of the Raptor technology upon which the NIS IDS component is supposedly based). And, in another thread here in the Wilders forum, BlitzenZeus just chimed in and said the KPF 4.x invocation of Snort as an IDS is terrible! (He oughta know!) Specifically, it appears that in KPF 4.x, the user can't customize the IDS signatures in any manner, whereas as CrazyM just noted in the DSLR thread, it's at least possible (in NIS 2003) to exclude questionable signatures.

 

I'd rather NIS fix them than me exclude them, though.

Comments in this link are holding me back from using NIS. I think the poster Wulfman has a legitimate complaint.

http://www.outpostfirewall.com/forum/showthread.php?s=36a8a61bf55bacc440d59e74ffd17403&threadid=6695&perpage=15&pagenumber=1

What do you think?

 

I'm trying Kerio 4.0.7 right now, and the IDS looks good - though I'd rather you be able to exclude signitures rather than type of intrusion. I like the firewall and will try it for a while.