On Tue, 1 Jun 1999, gill wrote:

> Date: Tue, 1 Jun 1999 23:12:19 -0400
> From: gill <[EMAIL PROTECTED]>
> To: Peter Bruderer <[EMAIL PROTECTED]>,
>     Chris Michael <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: RE: Why not NT?
> 
> 
> Good point, but you wouldn't be running anything else on the firewall box
> anyway, right?

So, rather than running DNS on the firewall, you'd provide another 
network dependency to a separate box that's not running NT?  Maybe you'd 
have all the clients resolve instead and open that can of worms?  Neither of 
which explains how two supposedly identical machines have different 
behaviour.  To provide assurance, you have to be able to test and verify 
functionality.  Being able to pare down critical code is *very* helpful 
in that.  MS' approach to OS architecture hasn't been conducive to doing 
so.  If you deploy two firewalls for redundancy, and one crashes with 
fragged SYNs and one doesn't, how can you have any level of assurance in 
the system?  Reboots may be ok for desktops, infrastructure should be 
properly designed.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."
                                                                     PSB#9280
