Hi Sean,
      I am a Linux head myself, and one of our firewalls is in fact running
on a Linux box.  The only problem with this type of firewall is that you
inherit all of the known bugs that the software has.  Given that the source
code to Linux is widely available, you have a lot of very talented people
out there who know these holes and are able to exploit them very easily.  If
you are really keen on a Linux firewall, I would suggest you look at some of
the firewalls running on a cut-down version of Linux.  One such firewall is
WatchGuard (there are many around).  We also use one of these in our
office.  The plus to one of these firewalls is that these guys do it for a
living.  If you maintain your own Linux firewall, you will need to
continuously look for the latest bug fixes to install on your Linux box to
address the latest round of holes that have been released.

Cisco and companies such as WatchGuard closely guard their source code;
often you can elect to take on a maintenance contract with the firewall
where you receive all the latest fixes for a 12 month period (this is what
we did).  As this is their bread and butter, they spend a lot of time
looking for holes and fixes to known bugs.

We do not use a PIX firewall, but we have used Novell BorderManager, WatchGuard,
Linux and one of the Nokia firewalls (I do not know which).  All have
their good and bad points; the main plus for each of the commercial packages
is that there is a large support base, whereas skilled Linux admin staff who
can lock down a firewall are very few and far between.

Good luck with your firewall, hope this is of some assistance.

Stuart Brockwell
Engineer - Network Planning
Primus Telecom (Aust)
MCSE, CCNA, CCDA

"Sean Young" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Hi Everyone,
>
> My company is putting me in charge of implementing a firewall for our
> company.  One guy in my networking group is recommending the PIX Firewall.
> Furthermore, he also recommends a Cisco web-caching engine.  His reason
> is that not only is Cisco a good firewall but it also provides VPN
> connectivity to our remote sites.  I, on the other hand, would
> like to implement a Linux-based OS firewall along with the FreeS/WAN VPN
> feature set.  My reason is that a Linux firewall can provide everything
> a Cisco PIX does and even more.  In terms of hardware, the Linux firewall/
> VPN/IPSec box will be running a dual-processor (800MHz) with 1GB of RAM.
> I just feel that I can get a lot more for the amount that we are going
> to spend with Linux than with Cisco PIX.  I also feel that I can tweak the
> source code of the Linux kernel to increase the performance and security.
> Also, instead of purchasing the Cisco web-caching engine, I am thinking
> of building another Linux box that will be running a Squid (web-caching)
> server.  Don't get me wrong, I think Cisco has a lot of good products
> in the area of routing; however, I just don't think it is necessary to
> throw money at Cisco when I know that Linux or BSD can do the same
> job that PIX and the Cisco web-caching engine do but for much less, and also
> I can control the source code.  Has anyone had experience with both
> Linux/BSD with Squid and Cisco PIX with the Cisco web-caching engine, so that
> you can give advice on what I should do?  I am open to your suggestions.
>
> Many thanks.
> Sean
> _________________________________
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]