RE: Firewall Costs

From: Keith.Morgan (
Date: 11/24/01

Message-ID: <>
From: "Keith.Morgan" <>
To: 'Thomas Ullrich ' <>
Subject: RE: Firewall Costs
Date: Sat, 24 Nov 2001 02:45:48 -0500

We provide linux based firewalls at roughly $2k per install. This
would include hardware, software, setup, etc.... complete with IPSEC VPN
software, and SNORT IDS. Now, management is usually roughly 5-10 hours
per month depending upon the rate of vunerability releases and bug

$15k for three pix firewalls sounds about right, fully deployed.

If we were to offer you a pix solution, you'd get a similar quote from
us. But I point out the linux solution because you can get 90% of the
functionality for about 10% of the cost if you do it yourself. Also, this
should help to illustrate how wide the selection is of firewall products
out there. If $15k is too much, hunt around for a solution that's closer
to your budget. It can certainly be done cheaper, but evaluate the
functionality and performance of each option.

We like linux firewalls for customers that are unwilling to pay for
checkpoint, pix or other higher-end solutions.

If it's too much, look around, you'll find something. For pix though,
the quote you have sounds about right.

-----Original Message-----
From: Thomas Ullrich
To: Security-basics
Sent: 11/23/01 9:50 AM
Subject: Firewall Costs

Hello everybody,
our IT provider offered us a FW solution to separate three industrial
production subnetworks from an
LAN used by the office personal. There is the necessity to have some
data exchange between a couple of
NT machines on the different networks. The offer was a CISCO PIX 515-UR.
They want to have almost 15.000 US$
plus about 11 persondays every year for maintaining the FW. Sounds quite
high to me. What are your experiences?


Relevant Pages

  • Re: [fw-wiz] PIX firewall licensing and beyond (newbie)
    ... >> I come from a linux admin background and have an assignment to setup a pix ... >> firewall. ... This is new territory and will be my first time playing with pix ... And the other way is to make it so complicated that there are no obvious deficiencies. ...
  • Re: Firewall recommendations?
    ... I've worked with Netscreen, PIX, Borderware, Linux IPCHAINS, Linux ... IPTABLES, Firewall Toolkit, Socks, and Raptor...not to mention the SOHO ... PIX is a good first layer firewall. ... Borderware is based on a hardened BSDi, so it runs on Intel hardware. ...
  • Re: Kindly help me with this PIX problem
    ... If you have read the configuration that I posted, ... firewall configuration didn't change over many years and it did work ... PIX, our company cannot send or receive email. ... That command allows ssh to the PIX, ...
  • Re: Firewall for laptops, corporation with 1,000 laptops
    ... I disagree completely that all you need is a PIX to protect your network, ... PIX does nothing to protect you from VPN ... alerting, which are essential to a firewall solution, are lacking.] ... the PIX firewall does nothing to protect a roaming laptop from ...
  • Re: Cisco PIX fixup protocol command
    ... The PIX is a stateful firewall and maintains state on ... The reason why a security evaluation might result in a recommendation to ... is no need to have the SMTP fixup enabled. ...