> Yes. I think it depends mostly on the skill set of the > administrator and the budget available. Do not forget to > consider Checkpoint and Netscreen.
We are going to get the Checkpoint package, they said it should be on at least SunFire 280R, so we had the vendor ordering a 280R. We also have two Symantec Firewall/VPN Appliance, they are Linux based, strip down rh with Raptor software, not bad for it's function, but hated it's client, only run on Windows, looks like a few mods from it's windows version. Sometime it reboot the appliance like what it should do on NT when applying changes. I like bsd also, ipfw is pretty good and solid, but I only use it as a bandwidth manager, looking into adding transparent fw on top of it if I have time. oh.. the Raptor Appliance is very picky on NIC for system restore from CD, if the file system get damaged.
