> security expert, it's their fault, not the device. The GUI features just
> make
> things easier to configure.
>
..or misconfigure. ;-) Sorry, couldn't help that.
> And for the CLI guru's, there will always be support for command line
> interface which in turn will always provide more features not available
> through GUI.
>
This shouldn't necessarily be so, but it is what we see most of the time. A
good GUI can help by being more informative than pure text output and it can
help avoid mistakes that complicated command syntax may cause. A lousy GUI
can do the opposite. GUIs generally make batch processing and I/O to and
from arbitrary destinations and sources respectively when dealing with rule
manipulation more difficult.
> For the OS's minded people, you have to build the system so you need
> working
> knowledge in that particular area. Configure and harden the system, ADD
> another NIC card to make it a Multi-Homed Machine and configure
> Packet-Forwarding.
>
Yes. Do it once, document it, make sure you know why you did what and what
is left on the system for what purpose, create a disk image or install
script and the next time it's not much work any more.
> Always stay up to date on latest patches for the Firewall AND the OS.
>
True. Wouldn't you do that with a 'hardware' firewall as well? Note that
firewall machines typically have very few components installed on them,
compared to typical server or workstation installations, so updating and
patching them doesn't happen nearly as often as Bugtraq may lead you to
think.
> In my opinion there is just too much involved and to set up a firewall
> that
> way.
>
Whatever you please. I prefer to know what's going on inside the boxes I
have, so I like general (non-Redmond) OS solutions.
Tobias
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
