Re: [fw-wiz] Multiple firewalls from different manufactureres

From: Joseph S D Yao (
Date: 01/28/05

  • Next message: Keith A. Glass: "Re: [fw-wiz] Multiple firewalls from different manufactureres"
    To: "Keith A. Glass" <>
    Date: Fri, 28 Jan 2005 13:10:53 -0500

    On Fri, Jan 28, 2005 at 05:00:03PM +0000, Keith A. Glass wrote:
    > > As Paul said, TANSTAAFFW (there ain't no such thing as a free firewall)
    > > - but what you spend and where and how differs from firewall to
    > > firewall.
    > Yes and no. You CAN put up a decent firewalling solution using commodity computers, especially the 1-U units (Dell 1700-series, HP Proliant DL360s, etc. . ) and either Linux, Solaris (now that it's free) or some flavor of BSD, and the firewall of your choice. I just wish some of the vendors would allow their FW solution to be available outside the "appliance" vehicle (Yes, I'm talking about Symantec and Secure Computing. . .)
    > When I was running the firewalls at SEC's EDGAR project, we used a mix of Gauntlets and FW-1, all running on various flavors of Sun hardware, from old Ultra 5's and 10's to new SunFire 480's (we were in an upgrade cycle, 18 months ago. . )
    > Keith
    > Merrily running systems at Fort Belvoir. . .

    Keith, "commodity" hardware still isn't "free"; neither is recycled
    hardware if there is some other possible use for it, or if its age
    causes it to fail earlier than it would otherwise have. TIS Gauntlet
    and Check Point Firewall-1 still cost something, last I checked [and
    last Gauntlet was available]. And I don't THINK you were donating your
    labour to put together even the free-software packages, eh? This is
    what I meant, and inferred from Paul's comment, about TANSTAAFFW.

    [In all of the above, "free" is intended as in "free beer".]

    Joe Yao
       This message is not an official statement of OSIS Center policies.
    firewall-wizards mailing list

  • Next message: Keith A. Glass: "Re: [fw-wiz] Multiple firewalls from different manufactureres"

    Relevant Pages

    • Re: Zotob worm patch?
      ... If the firewall fails you don't have any internet ... > cause a custom application to fail or some cheap hardware device to fail ... > or updates. ... > and didn't need SP2 to keep working, many things were impacted by SP2 ...
    • [OT?] Firewall problems
      ... The problem is, our firewall does a reverse DNS lookup on incoming traffic, and it rejects all traffic that fails that test. ... Some fail because they have no reverse lookup at all, and some because it is no the same as what is in the packets that are being received. ... I suspect that not many fail, but I work for the U.S. DoD, and some people think they are being kept from our web server for sinister reasons. ...
    • Re: More on garbage
      ... Are you implicitly assuming that the firewall implementor ... specify their networking properties in detail. ... It is very common for the action of opening or closing a port to ... Polite words fail me. ...
    • RE: [fw-wiz] Query regarding Cisco Router
      ... I want to terminate both on router Cisco 1751V and configure it for fail over i.e fail over of ISP ... Firewall is to be configured for Leased Line ISP provider. ...
    • RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro.
      ... Sounds like it about as easy to shutdown as Microsoft's SP2 firewall... ... it fails integrity checks and the firewall will fail ... Configuration files are protected ...