creating a DMZ -- seeking firewall advice
amb-plug at bradfords.org
Tue Mar 8 17:10:00 MST 2005
Thus said Michael L Torrie on Tue, 08 Mar 2005 11:23:16 MST:
> I'd think seriously about a linux firewall. You pay through the nose
> for a dedicated "appliance" which is really the same thing. But on the
> other hand, think about those who will support this. Sometimes paying
> for Cisco is a good idea.
I would second this idea. Using commodity hardware for a firewall is
much easier to deal with when there are problems. You think you have
good support when you pay $5000 for a router, you're wrong. Cisco's
policy on RMA is 10 day turn around. You can pay $1500 to expedite it,
but if it goes down on Friday, expect it on Monday (1 day turn around).
Of course, if you can afford it, you can pay the annual maintenance
which gives you 4 hour turn around. With commodity hardware, on the
other hand, if a network card dies, you can replace it much quicker,
cheaper and easier. If the power supply dies you can replace it just as
easily. And the most you are out is $30--60. Heck, if the whole PC dies,
you could easily replace it for $600 or less, unless you need rackmount,
in which case it's more like $1000 or less. Still less than the cost of
the annual maintenance or the 1 day turnaround fee of $1500.
In short, just because you pay $5000 for a router and it fails, doesn't
mean a darn thing to Cisco. They'll ship you an RMA in 10 days.
GnuPG ID 0xA63888C9 (D2DA 68C9 BB2B 26B4 8204 2219 A43E F450 A638 88C9)
5:09pm up 131 days, 21:57, 1 user, load average: 1.00, 1.00, 1.00