Eric Jensen wrote:

As far as efficiency, I gathered from various research that the Linux distros that are focused on being firewalls are pretty good at it and have not nearly as much bloat to trim from just a generic Linux install. And if Cisco does all the "features" that most commercial firewalls do, i.e. employee micromanagement, then I doubt they are all that efficient anyway. Our Firebox does what a firewall should, no doubt, but it does a very large list of other things as well. I think if you take a Linux distro that intends to be nothing but a firewall, you would end up being more efficient than a commercial device. But I'm not a firewall guru by any means, just spent a few months using our Firebox and some casual reading.

Eric Jensen
.===================================.
| This has been a P.L.U.G. mailing. |
|      Don't Fear the Penguin.      |
|  IRC: #utah at irc.freenode.net   |
`==================================='

Distracting day, so excuse the multiple e-mails. Don't want to sound like there is no good reason to go with hardware solutions; most of the micromanagement I complain about can be turned off if you spend enough time in their manual. And they will definitely do the firewall job.

My problem with them is I am a control freak. No matter how much time we spent in the manual, we still run across things that it is doing that we don't want it to, and it is causing us grief. For example, it will lock up web pages, including ones we design. No scripting of any kind is done, just very simple HTML and some cookies. You browse around and then bam, you can't load anything on that site for a good 20-30 minutes (we believe it is cookie related because of that). Happens to sites we commonly go to outside of work too. We try the exact same process on dozens of computers outside of the firewall and it works smoothly. We have a laundry list of odd things like that. It screws with e-mail, file transfers, all kinds of web browsing, etc. So no matter how familiar we get with the manual and the interface, we are always feeling like it is doing something that will give us a headache sooner or later. I haven't tried a Linux distro that is supposed to be for firewalls, but from my experience with server and desktop Linux installs I will feel like I am finally in full control of the firewall and can know and understand everything it is doing to our packets.

Eric Jensen