RE: [fw-wiz] Multiple firewalls from different manufactureres

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 01/28/05

  • Next message: Paul D. Robertson: "Re: [fw-wiz] Multiple firewalls from different manufactureres" 
    To: MHawkins@TULLIB.COM
Date: Fri, 28 Jan 2005 09:20:34 -0500 (EST)

    On Wed, 26 Jan 2005 MHawkins@TULLIB.COM wrote:

    > "commodity pricing on firewalls"
    >
    > Am I the only one who fainted when I saw this?

    You can get swanky 100Mb/s full duplex boxes for less than USD $1000, and
    you can get a PC and add software for around 2x that with all kinds of
    redundancy from a top-tier vendor.

    That's way less than the ~$70,000 my first commercial firewall cost- and
    I don't even want to think of what we paid for the last time I did a "we
    need $quantity firewalls." Funnily enough, when we did maintenance, we
    dropped a $600 Linux PC in place with some proxies on it and *nobody*
    noticed. Low thousands of interactive users, low to mid tens of thousands
    of e-mail users.

    Sure, you can toke off the "need gigabit" crack pipe, "need
    IPS/IDS/whatever's next" crack pipe, or whatever and spend waaay more
    money, but it's quite possible to protect pretty large enterprises with
    boxes that cost 1/20th of what they did back in the day.

    These days, if you're spending big bucks for firewalls, it's because some
    vendor's convinced you that you need some nebulous "management" foo that
    really provides little to no value, or because you've been snowed by the
    "need a cluster of sixteen firewalls all working together!" spiel.

    Sure- there are exceptions, but in general relatively small and
    inexpensive firewalls work perfectly well.

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    paul@compuwar.net which may have no basis whatsoever in fact."
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Paul D. Robertson: "Re: [fw-wiz] Multiple firewalls from different manufactureres"

    Relevant Pages

    • Re: browstat wont run
      ... >>>First I just extracted it to my desktop for easy access, ... >> Paul, ... >Windows firewalls and tried to connect, so I am guessing it is not the ... OK, looking at browstat: ...
      (microsoft.public.windowsxp.network_web)
    • Re: [fw-wiz] iso 17799
      ... On Thu, 22 Jul 2004, Paul D. Robertson wrote: ... Ok, in the "You get what you ask for category," the Internet Firewalls FAQ ... Definitely on the list are a section on personal firewalls, ... Paul D. Robertson "My statements in this message are personal opinions ...
      (Firewall-Wizards)
    • Re: [fw-wiz] Maximum number of subnets on a firewall
      ... > try to attach it to any available product: I was asked to plan a network for ... > companies I've concluded that all of them together will need 10 subnets ... firewalls. ... Paul D. Robertson "My statements in this message are personal opinions ...
      (Firewall-Wizards)
    • RE: IPS (was: [fw-wiz] Sources for Extranet Designs?)
      ... Now that we've actually gotten back to the point where firewalls are ... The only thing something like network IPS gets you over a tradtional ... than proactive security? ... Paul D. Robertson "My statements in this message are personal opinions ...
      (Firewall-Wizards)
    • Re: [fw-wiz] iso 17799
      ... Neither the new editions of Firewalls and Internet Security, ... Building Internet Firewalls have this list mentioned in them, ... Paul D. Robertson "My statements in this message are personal opinions ...
      (Firewall-Wizards)