Linux Based Firewalls

bscott at ntisys.com bscott at ntisys.com
Tue Nov 18 19:48:35 EST 2003 

On 14 Nov 2003, at 10:16am, lists at karas.net wrote:
> Not to slight you, but I can find many companies that will support other
> vendors products, but I want a channel into the actual mfgr.

  That is one of the selling points of Open Source.  If it's broken, anyone
can fix it -- you don't *need* a channel to the actual manufacturer.  All
you need is a competent professional.
 
> So, when we see very "odd" occurrences of problems, that are often due to
> a firmware bug, we can get a direct answer.

  This is even better.  I'm sure everyone has experienced a vendor who says,
"Oh, no, it couldn't *possibly* be a bug in our product.  You must be doing
something wrong."  And then, of course, it turns out that it *is* a bug,
they just didn't want to admit it.  With Open Source, you've got the source.  
Suspect a bug?  Check the code and prove it.

> My concern isn't in making it work, or handling the general oddities, it's
> when things go REALLY wrong.  At 2AM.  On a Saturday. During the
> holidays...

  That can be arranged as well.  Or you can arrange it with multiple
companies, for redundancy.  Or put someone on staff that knows what is
needed.  You don't have that option with a closed product.

> I meant linux firewall products in larger-scale deployments.

  That I don't have information readily available.  But I suspect it's still
not insignificant.

> I *do* however sometimes feel that maybe people try to shoehorn a linux PC
> into a place where an embedded device is a little more appropriate.

  I agree completely.  But I also feel that:

  - People sometimes incorrectly attribute a magical goodness to appliances, 
    as if just because it doesn't look like a general-purpose computer, is is
    automatically better for the advertised task.

  - People sometimes incorrectly think that just because they're paying big 
    bucks to a big name company, they're getting a better product.

  - People don't always realize that Open Source often gives one more
    options for availability, not less.

  Note that I'm not necessarily claiming you're one of the people in
question.

>> While they often achieve excellent performance through the use of ASICs,
>> that comes at a high cost, and the price/performance ratio of a fast,
>> general-purpose computer is quite often better.
> 
> One thing I've learned over the years, is that the higher costs are
> usually justified when you're running a lot of billable services off the
> platform.

  Higher prices are justified, *if* you actually get something for those
prices.  But all too often, people are just paying for a name plate.  If one
can save $4000 without loosing any benefits, then one should do so (or they
risk loosing to their competition).

  Note that I'm not claiming that the costs you're paying for whatever
appliances you may be using are not justified.  I'm just pointing out that
they're not *automatically* justified.

-- 
Ben Scott <bscott at ntisys.com>
| The opinions expressed in this message are those of the author and do  |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind.              |

More information about the gnhlug-discuss mailing list