creating a DMZ -- seeking firewall advice

Michael L Torrie torriem at chem.byu.edu
Tue Mar 8 13:53:26 MST 2005


On Tue, 2005-03-08 at 13:50 -0700, TJ Hunter wrote:
> On that note, I know someone who is trying to sell a pix. I don't have
> the specs right now, and I know that it needs a firmware upgrade. You
> would have to buy a support agreement with cisco in order to download
> that from them. But if anyone is interested, email me off list and
> I'll get the specs.

Or you could find someone with Cisco access and get them to download the
firmware for you...  I've never liked how Cisco doesn't provide free
firmware for their hardware.  They want you to pay for it again and
again.

Michael


> 
> 
> On Tue, 8 Mar 2005 13:41:54 -0700, Josh Coates <jcoates at archive.org> wrote:
> > 
> > not to be butthead or anything, but..
> > 
> > >it's possible that a cisco box, running their embedded IOS instead of linux
> > would be a touch faster
> > 
> > highly unlikely.
> > 
> > >there are several advantages to having a DMZ for your webservers and hiding
> > the application and database servers on the inside, don't you think?
> > 
> > of course.
> > 
> > >Having hardware appliances might make it easier to configure
> > 
> > this has nothing to do with 'hardware'.  but, yes, appliances are typically
> > easier to configure.  but then again, iptables isn't that hard to set up.
> > 
> > >No need to worry about patching/locking down anything else, like you'd have
> > to consider with a linux box.
> > 
> > run debian stable and simply use iptables to lock everything down.  it's
> > really, really easy.
> > 
> > >ever tried to cut down a tree with a swiss-army knife saw-blade?
> > 
> > no.
> > 
> > okay, so it sounds like the summary is:
> > "i don't have time/energy to invest in learning how to do this with linux,
> > so i'm going to throw money at the problem to make my life easier - does
> > anyone know of a firewall appliance?"
> > 
> > this is a *perfectly valid* reason for wanting an appliance, but this is
> > your reasoning, no?  i was just curious about any specific reasons you had
> > for not just using iptables, because i'm sure there must be some good
> > reasons for it (i've recently been told that iptables doesn't work well w/
> > multiple vpn sessions for example.)
> > 
> > sounds like you should just go w/ pix - but at least buy 'em from ebay. ;-)
> > 
> > Josh Coates
> > http://www.jcoates.org
> >
> .===================================.
> | This has been a P.L.U.G. mailing. |
> |      Don't Fear the Penguin.      |
> |  IRC: #utah at irc.freenode.net   |
> `==================================='