Firewall Wizards mailing list archives
RE: Multiple firewalls from different manufactureres
From: "Paul D. Robertson" <paul () compuwar net>
Date: Fri, 28 Jan 2005 15:56:13 -0500 (EST)
On Fri, 28 Jan 2005, Eugene Kuznetsov wrote:
> Hmm, this is pretty interesting, because it's contrary to what I hear elsewhere. Could you talk about why you would rather get software instead of

That's because most people make purchasing decisions based on market "trends"- the IT field is the example of "if everyone else jumped off a cliff" turning an industry into Lemmings.

> a sealed appliance -- ignoring, for the time being, the cases where the appliance includes hardware acceleration for some aspects of security processing. Is it perceived cost? Desire to reuse old hardware? Even for Checkpoint, over 50% of the business is appliance-based, maybe more now.

1. Lack of vendor lock-in for hardware. Wait until a NIC fails on your appliance at 8PM Friday before a 3-day weekend.
2. Ease of rescaling to meet demand. Wait until your company buys a whole new division unannounced and plants them all behind your firewall.
3. Lack of vendor lock-in for software. Wait until your vendor decides that some newfangled marketing thing is better for your enterprise than the old solid proxy you evaluated and made your purchasing decision on.

> Now, granted, if what you're getting from the vendor is the dreaded "server appliance" -- the same Dell 1U server with RedHat & some custom software preinstalled -- it probably doesn't matter.

It doesn't matter. "Appliances" aren't special. They're still computers, they still have hardware, software and firmware. Since there's nothing magic about them, the current trend to get the snazzy looking, but impossible to upgrade box seems rather silly to me.

As for "performance"- for most companies, the additional "speed" doesn't matter, as the latency in the middle is going to get you anyway, decreasing Web access by two tenths of a millisecond through the firewall's buffer just to have the packet sit in the upstream router's buffer really isn't all that good.

I did a series of tests at one place of employment to dispel the "proxies suck" myth, and the difference of hardware acceleration to end-users is often so negligible that you can't quantify it at normal traffic patterns and loads.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson
paul () compuwar net
"My statements in this message are personal opinions which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards