I completely disagree with that statement. It is my experience that a firewall is as secure as its underlying OS and hardware. Meaning that a) your firewall is as secure as NT is (riiiiiiight) and b) I really do not appreciate getting called at 3 in the morning because the hard drive of the firewall failed.
I personally am a strong advocate of the Netscreen firewalls (www.netscreen.com). Closed-source OS and no movable hardware. I do agree however that your firewall better have a console port and a command interface for when all else fails (which Netscreen has anyways).

Nicko

-----Original Message-----
From: Gordon McKinnon [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 13, 2001 11:11 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: What firewall?

I would strongly recommend getting a firewall that runs on a box you can log into. We have a WatchGuard Firebox, and it works, but it is hard to troubleshoot problems (look at the logs and hope the linux syslog messages made it through etc.). We had a hardware issue with it, and, as we could not get a command prompt or open the box, it took a while to convince them to replace it (the replacement has been up for three months, no downtime).

I would recommend a software firewall running on Unix or PC hardware, and linux or unix software (NT/2000 is a viable alternative, but I'd have more confidence in the lin/unix solution reaching years of continuous uptime). Troubleshooting a system where you can access the O/S is much easier (and you can configure the important parts read only, as on the WatchGuard boxes, if you need the security), and you get a lot more options for configuration (at least if you use a firewall with lots of features e.g. CheckPoint).

Gordon

-----Original Message-----
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Tuesday, November 13, 2001 12:44 PM
Subject: What firewall?

>
>Hi!
>
> I'm about to buy a firewall, and I wonder if you people could give me some advice that could help me decide which one fits me best. See, I'm quite new with this.
>
> So, this firewall should protect a quite big server park. It has to deal with a lot of information. It might be necessary to use two devices. If it is, the information will be divided upon these two with a load balancer. No special needs for VPN.
>
> I've been thinking about using Watchguard Firewall 2500 or 4500. I know that 4500 handles VPN though.
>
> Is this a good choice? Are there sites on the net where products are compared and where you could see the good and the bad of each one?
>
>Thanks / Martin Andersson