On the performance front, a Pix 525 will sustain just under 400MB of
throughput, most if any Linux based firewalls will not touch that... On the
Price front, correct, the Pix 525 is a fairly expensive unit, but you are
able to drop to a 515 which will support 172 MB sustained throughput and 6
interfaces if you purchase the un-restricted version. The 515 restricted
version comes in at about $5300 with three interfaces and will still support
the same throughput numbers and 65K sessions.
Chris Lemagie
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Priscilla Oppenheimer
Sent: Friday, March 23, 2001 9:38 AM
To: [EMAIL PROTECTED]
Subject: Re: Performance Comparision between Linux OS Firewall and Cisco
PIX 525
How about if the customer is strapped for money. I work at a school.
Luckily our students haven't gotten sophisticated enough to break into the
Linux firewall but I don't the think that day is too far away. Some of them
are very smart and they are learning Linux and networking in their classes.
But PIX is too expensive, I think??
Priscilla
At 09:24 AM 3/23/01, Rik wrote:
>I have seen way too many Linux firewalls hacked as a result of
>mis-administration. Now, I'm not assuming anything about your abilities as
>the last confirmed hack that I was notified about was a Linux FW setup by 2
>guys that I know to be excellent Linux admins. The problem is the inherent
>nature of the beast. A PIX is totally secure right out of the box. The
>last Linux hack I speak of was hacked based on an exploit within BIND and
>had nothing to do with the FW policy.
>
>I also find the PIX to be MUCH easier to configure and setup. I can do in
>only a few lines of code what could possibly take pages and pages of code
in
>Linux. When talking about firewalls, simplicity is a critically important
>concern. One compromise could easily remove any upfront cost advantage
>Linux has over Cisco. Also, you don't have to be concerned with shutting
>down unused services on a PIX as you would on Linux.
>
>Go with the PIX. It was designed from the ground up to do just what it
>does: protect your network. Cisco claims that a properly configured PIX
has
>never been compromised. I believe them.
>
>Rik
>
>
>""Sean Young"" <[EMAIL PROTECTED]> wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Hi Everyone,
> >
> > My company is putting me in charge in implementing a Firewall for our
> > company. One guy in my networking group is recommending PIX Firewall.
> > Furthermore, he also recommends a Cisco Web-caching engine. His reason
> > is that not only Cisco is good Firewall but it also provides VPN
> > connectivity to our remote sites. Myself, on the other hand, would
> > like to implement Linux-based OS firewall along with FreeS/WAN VPN
> > features set. My reason is that a linux firewall can provide everything
> > a Cisco PIX does and even more. In term of hardware, the linux
Firewall/
> > VPN/IPSec box will be running a dual-processor (800MHz) with 1GB of RAM.
> > I just feel that I can get a lot more for the amount that we are going
> > to spend with linux than with Cisco PIX. I also feel that I tweak the
> > source code on the LINUX kernel to increase the performance and
security.
> > Also, instead of purchasing the Cisco web-caching engine, I am thinking
> > of building another linux box that will be running squid (web-caching)
> > server. Don't get me wrong, I think Cisco has a lot of good products
> > in the area of routing; however, I just don't think it is necessary to
> > throw away money at Cisco when I know that Linux or BSD can do the same
> > job that PIX and Cisco web-caching engine do but for much less and also
> > I can control the source code. Has anyone has experiences with both
> > the Linux/BSD, Squid and Cisco PIX, Cisco web-caching engine so that
> > you can give advice on what I should do. I am open to your suggestions.
> >
> > Many thanks.
> > Sean
> > _________________________________________________________________
> > Get your FREE download of MSN Explorer at http://explorer.msn.com
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
>
>_________________________________
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
________________________
Priscilla Oppenheimer
http://www.priscilla.com
_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
