creating a DMZ -- seeking firewall advice

Andy Bradford amb-plug at
Tue Mar 8 17:10:00 MST 2005

Thus said Michael L Torrie on Tue, 08 Mar 2005 11:23:16 MST:

> I'd think seriously  about a linux firewall. You pay  through the nose
> for a dedicated "appliance" which is really the same thing. But on the
> other hand, think about those  who will support this. Sometimes paying
> for Cisco is a good idea.

I would  second this idea.  Using commodity  hardware for a  firewall is
much easier  to deal with  when there are  problems. You think  you have
good support  when you  pay $5000  for a  router, you're  wrong. Cisco's
policy on RMA is  10 day turn around. You can pay  $1500 to expedite it,
but if it goes down on Friday,  expect it on Monday (1 day turn around).
Of course,  if you  can afford  it, you can  pay the  annual maintenance
which gives  you 4  hour turn  around. With  commodity hardware,  on the
other hand,  if a network  card dies, you  can replace it  much quicker,
cheaper and easier. If the power supply  dies you can replace it just as
easily. And the most you are out is $30--60. Heck, if the whole PC dies,
you could easily replace it for $600 or less, unless you need rackmount,
in which case it's  more like $1000 or less. Still less  than the cost of
the annual maintenance or the 1 day turnaround fee of $1500.

In short, just because you pay $5000  for a router and it fails, doesn't
mean a darn thing to Cisco. They'll ship you an RMA in 10 days.

GnuPG ID 0xA63888C9 (D2DA 68C9 BB2B 26B4 8204  2219 A43E F450 A638 88C9)
[-----------[system uptime]--------------------------------------------]
  5:09pm  up 131 days, 21:57,  1 user,  load average: 1.00, 1.00, 1.00
