> > Each site has its own concerns, a cookie cutter solution isn't feasible.
> > For example for a small company, a freebsd box with squid, ipnat, and ipfw
> > may be the best solution. But try selling that solution to say excite.com, with
> > all the http, smtp and other traffic a site like that generates.
>
> Why not?
> >
1: traffic exceeds the pci bus bandwidth
2: excessive latency in having application proxies
3: packet filtering routers are sufficient for customer facing systems
4: cost of developing an application proxy and firewall for each new service.
5: hosts are hardened, so firewall may not buy additional protection
Those are just some I can think of offhand.
Sameer