On 2010-02-01, Keith <ke...@scott-land.net> wrote: > I've used OpenBSD & PF for a number of years without issue and am now in > the position that I want to create a dmz between the Internet and my > organisations WAN. Our security people are asking if the firewall that > we use is accreditated by ITSEC and I am pretty sure it isn't but it > turns out that our security people will be happy is the firewall is > accredited for use by another government !
You could always put an accredited firewall behind the real one. This also means you can tick the 'multi-vendor' box. To reduce your management hassles you could just leave all ports open.