On Thu, Apr 06, 2006 at 08:56:44AM +0300, Gabriel George POPA wrote: > Hello, > > I've heard a lot about those Symantec firewall machines (that cost > something around 15000$-30000$). In fact I don't know many details, just > that customers are pleased to give the money and say that they're safe > behing that Symantec machine. Of course, I encountered people that were > very happy with these systems, but I think they never had a major attack > or something. Just out of curiosity, can OpenBSD do what Symantec does? > Is Symantec's encryption better than that included in OpenBSD (I must > mention that I live in Europe, maybe US export laws apply)? Does > Symantec worth all this money? > On the other hand, I was thinking that maybe, just maybe, Symantec > uses a modified version of OpenSSL on these machines. Is this possible? > > > > Thanks a lot, > > > George POPA
Apples and Oranges. The Symantec firewall appliance is built on what was Raptor. Its proxy based. They have custom proxies for just about any service you'll pass through it. There's also tons of other things it does such as network AV scanning, content filtering, SSL VPN, etc.. OpenBSD/PF does things Symantec can't. And visa versa. It all depends on your requirements. The symantec appliance is more of an all in one box to accomplish a bunch of different things in one machine primarily from small business or remote offices. In large environments that dont' require any of this other stuff, OpenBSD will kick its ass. Granted, you can run many different proxies on OpenBSD as well as (free) AV scanning and VPN technolgoies but Symantec has an advantage here in that these components are integrated together so that packets are only opened once, and all of these operations are done then versus seperate products manually combined on one install. So, in environments where you'd actually turn all those featuers on, Symantec might be faster. However for most people that wont use all that clutter on their gateway, OpenBSD/PF will blow it away. The Symantec "appliance" is based on redhat with all the OpenSSL/OpenSSH you'd expect on a redhat box. Have I mentioned it depends on your requirements?
