> - more scalable
> - more throughput
> - faster than most software solutions
Not always (or even usually) ... this is only true at the high-end price
scale (as opposed to $1000 Netopia/Netscreen boxes).
> - no OS which can have holes / bugs
You don't understand hardware firewalls obviously. Rules are rules, whether
software or hardware. Whether implemented as C or as a Turing machine, a
'program' can have bugs.
> Cons for Hardware FWs
> - expensive
Also:
- Often hard to get updates when bugs are found
- Proprietary. Programmers can't update the back-end software themselves
(like an OpenBSD firewall, for example) or benefit from those who do.
> I personally don't see a big advantage in using hardware
> based firewalls apart from the performance issue.
> People say that a software based one has more administration
> on its hands (hardening and keeping it up to date with patches
> and such). I see this as a challenge I always like to make.
It's also quite possible that a company could sell a front-end package to
make software firewalls in *BSD or *nix as easy to configure as some other
black-box products.