On Tue, Jun 1, 2010 at 1:05 PM, Ian Bowers <iggd...@gmail.com> wrote:
>
> I usually recommend a Cisco router over a BSD box for WAN delivery duty since
> they rarely if ever need patching

Cisco has put out more security updates in the past two months than we have in the 5.5 years this project has existed. The applicability of those varies depending on what functionality you're using, but if you want to maintain a secure IOS, you definitely need to patch more than "rarely". Most FreeBSD security advisories don't apply to us as they're either local only, and in our case if you have local access you have root, or they're in components that we don't include.

Not that I disagree with the point of your post as a whole. Unless you're in a large datacenter with two drops into your cage or cabinet, you end up with one single point of failure of some sort per-Internet connection, with redundant firewalls behind that. Whether it's a Cisco router with a CSU/DSU, a cable or DSL modem, wireless or WiMAX CPE, fiber CPE, etc. there is always something. It's unavoidable, which is another reason you want multi-WAN plus redundant firewalls.

Re: not having to burn two IPs for CARP, I hope we can get carpdev functional at some point post-2.0 so that won't be necessary.