There are some differences. The PIX will be faster than a linux based
solution. This may or may not be an issues for you - it really only matters
if you've got LANs on each side of the firewall.
Also I understand it, you've got to go either application gateway (ala FWTK)
or just neat packet filtering and NAT (ala ipfw / ipchains). The PIX does
smart-ish stateful packet filtering which is kind of a middle ground.
(Am I out of date? Has anyone looked at the SPF stuff that can be plugged
into IPChains or written anything cool along those lines?)
Remember that time is money - even yours. But if the balance still works out
in favour of the *nix solution, I would suggest that you go with one Linux
box and one openBSD box or some similar mis-match of OSs between the two.
You don't want one bug to cut a hole through _both_ your firewalls.
Have fun,
--
Ben Nagy
Network Consultant, CPM&S Group of Companies
PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
> -----Original Message-----
> From: Bennett Samowich [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 23 September 1999 6:18 PM
> To: Firewalls
> Subject: Re: Hardware vs Software - Reprise
>
>
> Pardon me if I am mistaken, but it seemed that most of the
> replies pitted
> an NT based firewall against a Cisco one.
>
> For a small organization, say 20 hosts or so, what is wrong with
> refurbishing a few "low-class" machines with FreeBSD or Linux
> and using
> ipfwadm or ipchains to establish an external and internal firewall?
>
> This is not a pitch for Linux or NT, but I have considered
> the dual Linux
> route for my network as the cost of a Cisco setup just isn't
> feasable at
> the moment. Granted there is more work involved in securing two Linux
> boxes vs. two Cisco boxes, but as for security is there a major
> difference? (thinking stability in favor of Cisco maybe)
>
> Any thoughts are greatly appreciated
> - Bennett
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
