Re: router

From: Leythos (void_at_nowhere.com)
Date: 06/16/04


Date: Wed, 16 Jun 2004 12:55:55 GMT

In article <LBTzc.29$M93.24@newsfe5-gui.server.ntli.net>, abuse@
[127.0.0.1] says...
> A better argument (based on the assumption that running anything other than
> firewall software on a firewall is A Bad Idea(tm)), is that a generic[1]
> *nix box can be more versatile, by including things like DMZ routing
> functions.

Actually, a lot of firewall appliances have three networks, the public
side, the trusted side, and the DMZ. Many of the smaller firewall
appliances (not the cheap routers) are now including this same three
port design. Some of the cheaper ones give you the ability to direct all
DMZ traffic to a single IP (not an ideal solution) that you can do
anything you want with (attach a router/nat and you have another
network).

You are right though, I only run a firewall on the system that is
designated as the firewall. I can't imagine anyone running Office or
PhotoShop on a FW-1 firewall box :)

I've found the same as you - an appliance is easier for customers to
maintain, less problems for them to work with, and easier on space and
electrical costs - less heat output too in most cases.

-- 
--
spamfree999@rrohio.com
(Remove 999 to reply to me)