Re: [fw-wiz] Multiple firewalls from different manufactureres

From: Keith A. Glass (salgak_at_speakeasy.net)
Date: 01/28/05

  • Next message: Randy Grimshaw: "Re: [fw-wiz] NAT for public IPs"
    To: "Joseph S D Yao" <jsdy@center.osis.gov>, "Marcus J. Ranum" <mjr@ranum.com>
    Date: Fri, 28 Jan 2005 17:00:03 +0000
    
    

    > -----Original Message-----
    > From: Joseph S D Yao [mailto:jsdy@center.osis.gov]
    > Sent: Friday, January 28, 2005 04:00 PM
    > To: 'Marcus J. Ranum'
    > Cc: firewall-wizards@honor.icsalabs.com
    > Subject: Re: [fw-wiz] Multiple firewalls from different manufactureres
    >
    > On Fri, Jan 28, 2005 at 08:39:27AM -0500, Marcus J. Ranum wrote:
    > > MHawkins@TULLIB.COM wrote:
    > > >"commodity pricing on firewalls"
    > > >
    > > >Am I the only one who fainted when I saw this?
    > >
    > > I got my firewall in a box of Corn Flakes... It works pretty well, too!
    > >
    > > mjr.
    >
    > No! All this time I had thought yours just spilled out of your fingers
    > full-grown. ;-)
    >
    > As Paul said, TANSTAAFFW (there ain't no such thing as a free firewall)
    > - but what you spend and where and how differs from firewall to
    > firewall.

    Yes and no. You CAN put up a decent firewalling solution using commodity computers, especially the 1-U units (Dell 1700-series, HP Proliant DL360s, etc. . ) and either Linux, Solaris (now that it's free) or some flavor of BSD, and the firewall of your choice. I just wish some of the vendors would allow their FW solution to be available outside the "appliance" vehicle (Yes, I'm talking about Symantec and Secure Computing. . .)

    When I was running the firewalls at SEC's EDGAR project, we used a mix of Gauntlets and FW-1, all running on various flavors of Sun hardware, from old Ultra 5's and 10's to new SunFire 480's (we were in an upgrade cycle, 18 months ago. . )

    Keith
    Merrily running systems at Fort Belvoir. . .

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Randy Grimshaw: "Re: [fw-wiz] NAT for public IPs"

    Relevant Pages

    • Re: DHCP - firewall and dhcpd configuration
      ... keyboard, flexed their fingers and thumped: ... > that the firewall will still work if the address changes while ...
      (comp.unix.bsd.freebsd.misc)
    • still cant install framework 3.5 sp1
      ... turned off antivirus and firewall ... and even crossed my fingers and prayed. ... What the heck ...
      (microsoft.public.windowsupdate)
    • Re: DHCP - firewall and dhcpd configuration
      ... > keyboard, flexed their fingers and thumped: ... >> that the firewall will still work if the address changes while ... Christian ...
      (comp.unix.bsd.freebsd.misc)
    • Re: Ecom 1.1 not seeing XP across network
      ... Onno Tabak wrote: ... could any future updates automatically activate the firewall without permission? ... The only time MS did so was with SP2 where it activated the firewall by default. ... I've double checked your suggestions till my fingers are sore switching the KVM. ...
      (comp.os.os2.bugs)
    • Re: [fw-wiz] Question about setting up PIX firewall
      ... > I would strongly disagree Paul. ... firewall there ... > amount of access while the user is connected to the vpn. ... But if you could find a client *and* compromise it, ...
      (Firewall-Wizards)