Re: [fw-wiz] Disecting the Cisco PIX

From: Art Mason (a.c.mason@sbcglobal.net)
Date: 07/30/02


From: Art Mason <a.c.mason@sbcglobal.net>
To: firewall-wizards@honor.icsalabs.com
Date: Tue Jul 30 16:33:02 2002

Yeah, I've actually been eying the Soekris platforms for some time now.
I especially like the ones that support PCMCIA devices (ex. Cisco
Aironet 350 wireless NICs). I'm thinking WAN/LAN/DMZ NAT device w/
802.11b VPN support on a compact flash storage medium. I've
successfully deployed quite a few Linux and OpenBSD-based firewalls, w/
great success, and have found their performance to be quite comparable
to many of the more expensive commercial offerings (I used to be the
tech. coordinator for a school district, so cost was always a concern).
I especially appreciate the mature bridging code in OpenBSD 3.1 when
employed w/ PF directly behind the border router. The fact that it has
no IP addresses assigned to either interface allows for drop-in PnP
integration w/ most LAN/DMZ topologies. Only problem would be network
management from remote hosts, unless you applied an IP to the internal
interface and applied some rules allowing SSH connectivity from a few
specific hosts.

I've also got another question on ADSL inverse multiplexing (bonding 2
or more ADSL connections together for aggregating bandwidth) on the
gateway/firewall/router, but I'll save that for another thread, so as to
maintain mailing list etiquette and political correctness for my fellow
list subscribers.

Thanks for all the input I've received so far.

On Tue, 2002-07-30 at 14:36, Kevin Steves wrote:
> maybe http://www.soekris.com/ for a hardware platform.
>
> --
> Kevin Steves | kevin@atomicgears.com
> Atomic Gears LLC | http://www.atomicgears.com/

-- 
Art Mason
Network Consultant
Maverick Datacom
Voice:  (830) 773-8998
E-mail: a.c.mason@sbcglobal.net
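
The setup described in the message above (a filtering bridge whose only IP sits on the internal interface, reachable over SSH from a few specific hosts), sketched as an added example that is not part of the original post. It assumes current OpenBSD pf.conf syntax rather than that of 3.1, and the interface names, addresses and the web server are constructed placeholders.

```pf
# /etc/pf.conf: transparent filtering bridge behind the border router.
# Assumptions (not from the original post): em0 and em1 are already
# members of bridge0, and every address below is a constructed
# documentation value.

ext_if  = "em0"          # faces the border router, no IP assigned
int_if  = "em1"          # faces the LAN/DMZ, carries the management IP
mgmt_ip = "192.0.2.2"    # the only address configured on the box
inside  = "192.0.2.0/24" # hosts that sit behind the bridge
dmz_web = "192.0.2.80"   # hypothetical public web server

# The "few specific hosts" allowed to manage the firewall.
table <admins> const { 192.0.2.10, 192.0.2.11 }

set skip on lo
block log all

# Management plane: SSH to the firewall itself, from admin hosts only,
# and only when it arrives on the internal interface. "quick" makes the
# decision final, so the broad pass on $int_if below cannot reopen it.
pass  in quick     on $int_if inet proto tcp from <admins> to $mgmt_ip port 22
block in log quick on $int_if inet from any to $mgmt_ip

# Bridged traffic crosses both members, so the policy is written once,
# on the external member, and the internal member passes what is left.
pass in  on $ext_if inet proto tcp from any to $dmz_web port { 80, 443 }
pass out on $ext_if inet from $inside to any
pass on $int_if

# Nothing passes traffic to $mgmt_ip on $ext_if, so "block log all"
# drops and logs any attempt to reach the management address from the
# router side.
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which is worth doing before reloading rules on a box whose only management path is the SSH rule above.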