Linux Based Firewalls

bscott at ntisys.com
Fri Nov 14 09:50:21 EST 2003


On 14 Nov 2003, at 9:25am, lists at karas.net wrote:
> Overall [Sonicwall] is a Good product, I hesitate to call it great ...

  That's pretty much my opinion of SonicWall, too.  They're okay.  I'm told
more recent firmware releases support X.509 PKI without the need to pay
SonicWall for a certificate from their CA, which was my major objection to
them when I looked at them a year or two ago.  Some of their technical
information was a little greasy, too (e.g., they defined IP fragments as an
"attack"), which made me distrust them somewhat.

  For appliances, I like NetScreen.  Outstanding performance and features, a
nice web UI, plus a CLI available via serial, Telnet, or SSH.

> But the truth is that for an "enterprise" I want something a little more,
> with a vendor I can call 24x7 for support ...

  The company I work for would be happy to provide a 24x7 support contract
for a Linux-based firewall.

> ... and with a larger installed base.

  While it's not MS-Windows, there are still an awful lot of Linux systems
out there.  :-)

  The major benefits to appliance firewalls (like NetScreen, SonicWall,
etc.), as I see them, are: Compact size, low power consumption and heat
dissipation, and no moving parts.  While they often achieve excellent
performance through the use of ASICs, that comes at a high cost, and the
price/performance ratio of a fast, general-purpose computer is quite often
better.

  Of course, there are other reasons to make decisions for or against Linux.  
For example, if one's staff has good experience with Cisco PIX and no
experience with Linux, it makes a lot more sense to go with a PIX.

-- 
Ben Scott <bscott at ntisys.com>
| The opinions expressed in this message are those of the author and do  |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind.              |





More information about the gnhlug-discuss mailing list