creating a DMZ -- seeking firewall advice

Michael L Torrie torriem at chem.byu.edu
Tue Mar 8 11:23:16 MST 2005


On Tue, 2005-03-08 at 10:49 -0700, Ryan Byrd wrote:
> so our small business is becoming a medium-sized business and we are
> planning on switching from a bunch of servers running iptables to a
> more enterprise layout with a couple of hardware firewalls creating a
> DMZ for our webservers.
> 
> Any advice? I heard that Cisco PIX firewalls are industry standard for
> this type of thing. Anyone have any experience with those? Is there a
> less expensive but equally as robust firewall?

We just bought a Cisco PIX for our department.  The only reasons we did
so were that we wanted a device that a) had no hard drive and b) had a
flexible web interface.

However, the Cisco PIX is an amazingly overpriced little beast (all
models).  They are basically just Celeron 1U machines with flash drives
with about 256 MB of RAM (more on the higher models) and a couple
(expandable) of interfaces.

For half the price you could install a 1U Linux box, stick in a few
NICs, and install one of the many firewall distributions that come with
a nice web interface.

I'd think seriously about a Linux firewall.  You pay through the nose
for a dedicated "appliance" which is really the same thing.  But on the
other hand, think about those who will support this.  Sometimes paying
for Cisco is a good idea.

Michael


> 
> ideas?
> 
> mrb
> .===================================.
> | This has been a P.L.U.G. mailing. |
> |      Don't Fear the Penguin.      |
> |  IRC: #utah at irc.freenode.net   |
> `==================================='