On Wed, 2005-08-03 at 09:47 -0400, Will H. Backman wrote: > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of > > Rod.. Whitworth > > Sent: Tuesday, August 02, 2005 9:04 PM > > To: Miscellaneous OBSD > > Subject: Ammunition needed to defend OpenBSD/pf > > > > Somebody sent me a query asking for a justification for my proposal to > > supply a firewall/router using OpenBSD when there was thsi device: > > http://www.dlink.com/products/?pid=327 , with all its claimed bells > and > > whistles. > > > > Anybody know what, if anything, it does that an OBSD solution doesn't/ > > cannot, that may be important? > > > > Or alternatively the reverse. > > Many of these devices provide the "what if I get hit by a bus" > protection of a simple, single purpose system. If you use something > like OpenBSD, it can be viewed as a homegrown application that must be > supported by the organization, and that depends on the individual who > set it up. You don't need to know how to use vi to modify the firewall > settings on one of those dlink devices. > > I'm not saying that a dumb, web configurable device is better. I've > seen too many point and click firewalls that were setup incorrectly by > someone who didn't know what they were doing. Emacs and vi make sure a > total idiot cannot change your firewall settings. > > I have had a $2500 point and click firewall die on me, and the support > contract does me no good during the wait for the next day shipment. I > replaced it with a PC and free software until the new unit showed up. > > If your business, not you, has the skills to manage OpenBSD, then do it.
At my last job, I had a Watchguard firewall with a backup Watchguard sitting on the shelf in case that one died. All of the server traffic went thru the Watchguard and the users browsed through an OBSD box. The first thing my replacement did was to replace the OBSD box with another Watchguard ($700US). I had to reboot the Watchguard about every other month, and never had to cycle the OBSD box. My 2centsUS.
