On Thu, 2004-05-27 at 12:32 +0800, Paolo Alexis Falcone wrote:
> On Thu, 2004-05-27 at 11:57 +0800, Eric Noel wrote:
> > Can anyone share configuration/setup procedures for implementing Debian
> > as a pix/firewall replacement for production? Or has anybody secured
> > Debian to be their production firewall in protecting their financial
> > data centric network (e.g. banks, stock traders, etc.)? Is it recommended,
> > or should we just use pix/fw1 for that?
> 
> I've done that in QC City Hall, but it wasn't really a PIX replacement -
> the Debian firewall I made there was replaced by PIX of a Cisco 6509 :D
> 
> That time I implemented the Debian machine as a firewall, there was no
> Cisco 6509 there at City Hall :D
> 
> If you've got PIX already - use it. If not, then going for a PC firewall
> does save some budget. Pros and Cons:
> 
> PC Router/Firewall:
> Pros: dirt cheap, easy to implement, easy to extend functionality
> Cons: moving parts, constant patching
> 
> Appliance Router/Firewall:
> Pros: Less moving parts, easy to implement, less patching
> Cons: TONS MORE EXPENSIVE :D, not easy to extend functionality
> 
> The ideas that you translate in PIX are also applicable in configuring
> PC routers - it's just that you'd need to translate them into
> ipchains/iptables for Linux, or ipfw/pf for the BSDs.

On the other hand, the Cisco products (those in the millions
range) have some cool functionality built into them, like a Java-based
monitoring system, web based thingies, IPSec, damn LOTS OF PORTS for
ethernet and fibre channel :D. For a PC-based system, you can install
almost-equivalent software or hack your own to customize it, but the
number of ports is constrained by the limitations of the PC
architecture.

It ultimately boils down to what your needs are.
-- 


Paolo Alexis Falcone
[EMAIL PROTECTED]


--
Philippine Linux Users' Group (PLUG) Mailing List
[EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
.
To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
.
Are you a Linux newbie? To join the newbie list, go to
http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
