RE: Failover firewalls with ipfw?

From: Jason DiCioccio (Jason.DiCioccio@Epylon.com)
Date: 01/20/01


From: Jason DiCioccio <Jason.DiCioccio@Epylon.com>
To: 'Jorge Peixoto Vasquez' <jorge@aker.com.br>, Sean Lutner <sean@rentul.net>
Date: Fri, 19 Jan 2001 15:53:42 -0800


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Better than PIX? That's not a tough claim considering PIX has more
holes in it than the Titanic :-)

Just thought I'd throw my PIX gripe in there.

- -JD-

- -------
Jason DiCioccio
Evil Genius
Unix BOFH

mailto:jasond@epylon.com

415-593-2761 Direct & Fax
415-593-2900 Main

Epylon Corporation
645 Harrison Street, Suite 200
San Francisco, CA 94107
www.epylon.com

BSD is for people who love Unix -
Linux is for people who hate Microsoft

- -----Original Message-----
From: Jorge Peixoto Vasquez [mailto:jorge@aker.com.br]
Sent: Friday, January 19, 2001 12:34 PM
To: Sean Lutner
Cc: security@freebsd.org
Subject: Re: Failover firewalls with ipfw?

Sean Lutner wrote:
> I'm currently doing some research into firewalls, and which one(s)
> would be right for my network. I'm considering everything from
> Checkpoint-1, to Cisco Pix, to ipchains, to ipfw on FreeBSD. My
> question is this. Does anyone out there know of any
> utilities/code/addons I could use to
> implement a failover pair of firewalls using ipfw and fbsd? Ideally
> I'd like to do stateful failover, but having two machines always on
> and a heartbeat solution might wirk as well. If anyone can offer
> some pointers, it would be much appreciated.
>

Dear Mr. Sean Lutner,

Our product does everything you want (except for stateful failover)
and,
altough not open-sourced, is much cheaper than these commercial
solutions you want.

Altough a little bit unknown outside Brazil, we have no fear of
saying
our product is at least in par with Checkpoint Fw1 or Pix, for
instance.

Please take a look at our web page and download a free (english, of
course) evaluation version. If you prefer, please send me your
address
and I'll have our customer service dept mail you a CD ASAP.

jOrge
- --
Jorge Peixoto Vasquez, Elet. Eng.
Aker Security Solutions
Manufacturer of the FreeBSD/Linux Aker Firewall
http://www.aker.com.br
tel. +55 - 61 - 340 9083

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOmjT4FCmU62pemyaEQIPeQCg5jT0FkKgyNB3nC9j9TiTXRjG6DsAnj6N
R/skYSbPpn/5IYcixaQ5e8qx
=m7PA
-----END PGP SIGNATURE-----



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Relevant Pages

  • Re: [fw-wiz] PIX stateful failover and separate external circuits
    ... the only requirement to do stateful failover on a PIX is to have ... switch from an extra interface on each PIX. ... the PIXes to use that interface as the stateful statistics one. ... The provider claims that in such a configuration, stateful failover will ...
    (Firewall-Wizards)
  • Re: Best security topology for FreeBSD
    ... > We'll, the answer is simple: money, we don't use something like PIX because ... > I'm worried about NAT, will FreeBSD and IpFilter be able to NAT all of this ... with "unsubscribe freebsd-security" in the body of the message ...
    (FreeBSD-Security)