Re: [fw-wiz] Once again..appliance firewall input requested
From: Kevin (kkadow_at_gmail.com)
Date: 01/22/05
- Previous message: Jason Hamilton: "RE: [fw-wiz] PIX stateful failover and crossover cables"
- In reply to: Matt Bazan: "[fw-wiz] Once again..appliance firewall input requested"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Matt Bazan <Mbazan@onelegal.com> Date: Fri, 21 Jan 2005 19:30:43 -0600
On Thu, 20 Jan 2005 12:57:41 -0800, Matt Bazan <Mbazan@onelegal.com> wrote:
> I'd like input on what people are using and their satisfaction levels with them.
Assuming a stateful inspection packet filter with very limited
protocol awareness
is acceptable to you, then the PIX could be a good fit. Since you
don't have "Deep Inspection" now, you won't lose functionality going
from Netscreen to PIX.
For an organization with open-minded management and a willingness to
"get under the hood" (and where a GUI is not a requirement), my
personal preference would be to deploy OpenBSD as a failover pair on
quality hardware. This approach, IMHO, provides the ultimate in
"Configuration flexibility" and granular NAT, but does require some
Unix skills to install, manage, and to and perform OS versions
upgrades no less often than once per year (OpenBSD releases every six
months, support/patches are available for the current version and one
version back).
Kevin Kadow
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Jason Hamilton: "RE: [fw-wiz] PIX stateful failover and crossover cables"
- In reply to: Matt Bazan: "[fw-wiz] Once again..appliance firewall input requested"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
