Firewall Wizards mailing list archives
Re: Once again..appliance firewall input requested
From: Kevin <kkadow () gmail com>
Date: Fri, 21 Jan 2005 19:30:43 -0600
On Thu, 20 Jan 2005 12:57:41 -0800, Matt Bazan <Mbazan () onelegal com> wrote:
I'd like input on what people are using and their satisfaction levels with them.
Assuming a stateful inspection packet filter with very limited protocol awareness is acceptable to you, then the PIX could be a good fit. Since you don't have "Deep Inspection" now, you won't lose functionality going from Netscreen to PIX. For an organization with open-minded management and a willingness to "get under the hood" (and where a GUI is not a requirement), my personal preference would be to deploy OpenBSD as a failover pair on quality hardware. This approach, IMHO, provides the ultimate in "Configuration flexibility" and granular NAT, but does require some Unix skills to install, manage, and to and perform OS versions upgrades no less often than once per year (OpenBSD releases every six months, support/patches are available for the current version and one version back). Kevin Kadow _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Once again..appliance firewall input requested Matt Bazan (Jan 21)
- Re: Once again..appliance firewall input requested Victor Williams (Jan 21)
- Re: Once again..appliance firewall input requested Jason Hamilton (Jan 21)
- Re: Once again..appliance firewall input requested Adrian Grigorof (Jan 24)
- Re: Once again..appliance firewall input requested Jason Hamilton (Jan 21)
- Re: Once again..appliance firewall input requested Kevin (Jan 24)
- Re: Once again..appliance firewall input requested Victor Williams (Jan 21)