Personally, I'm recommending the firewall appliance type of solution. The
very thread on stripping an OS for firewall use is one of the big reasons.
These appliances are built stripped and that isn't likely to change.
My biggest reason is simply that I don't want to see a client tempted to run
another service on the firewall box. I can just imagine a company that runs
into budget constraints and wants to add network services...they see a
perfectly good server sitting there and it's not doing anything but running
the firewall, right?
Forget the NT vs. UNIX debate. I'm tired of arguing with people that
blindly follow Microsoft and refuse to deal with the technical facts. We
push the idea of a network appliance. Power cable and network connections
with perhaps a power switch on it. ;-)
-----Original Message-----
From: Wong Chun Meng [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 21, 1999 3:37 AM
To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Subject: Why not watchguard 2 ? (read on)
Seeing as the ongoing debate on "why not NT" is getting repetitive (on some
points IMHO), why not use a blackbox to solve the problems of a
weak/misconfigurating an OS. With a blackbox, you don't have to worry
anymore on the OS (if you trust the strip down Linux OS in watchguard that
is) but just the configuration of the firewall. So now we have the question,
is watchguard 2 any good? Is it on par with Firewall-1 (on a solaris for nix
sake) in terms of the firewall security (regardless of securing solaris ok)?
I was hoping you guys can give me some input on this.
As I see it, some of you guys might argue to have the ability to have some
control over the OS. Why so? Is it really important to have full control of
the firewall OS? I can think of one reason actually, but it's not really a
big issue... so my question again, is it really essential?
TIA for any input. I'm actually presenting this argument to some
vendor/clients. So any comments is deeply appereciated.
Wong.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
