> Sure, there is firewall software out there for NT. Sure, you can set it up,
> run tests against it and say, "Look how secure it is." That may all be true
> and it may be very secure, indeed...but none of that matters if you have to
> bring down network access to reboot the damn firewall once a week (or more).
> Hell, even once a month would be unacceptable in my book...
Aside from the fact that you are correct that NT may not be the best
firewall platform, I would not say that running a firewall on any Unix
flavor is that much different. You run into the same problems every time,
such as managing the base OS, which means downtime dealing with day to day
management of the OS. You will definitely have less downtime with Solaris
than Linux (yes I know *you* personally can run Linux for years without
rebooting, thats not the point), but the reality is that a firewall
appliance with stripped OS is probably the best way to go. I wont go into
We still have a Cyberguard that crashes every day, with a little more than
a meg of traffic and less than 50% CPU utilization, and no matter what
Harris claims or how much hardware they send (we have a Unisys unit now on
standby, delivering the same crappy results), it will never be fixed. I am
still waiting for someone to tell me how running a firewall on SCO rather
than NT helps me in this case.
I know this is going back to the original assertion, but I as an admin can
make an NT box stable (if I have my way), much like our Unix admins can
make any flavor of Unix stable, and this is in no way a guarantee of a
successful firewall implementation. If you care to know the Cyberguard
will soon be thrown off the top of the building and be replaced with a
Pix, the only thing I can be certain of at this point.
So what was the point again?
Misha
Insync Internet Services
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
