Firewall Wizards mailing list archives

RE: Hardware vs. Software firewall reliability


From: "Lart" <lart () hacksec org>
Date: Thu, 9 Sep 1999 21:00:28 -0400

: -----Original Message-----
: From: owner-firewall-wizards () lists nfr net
: [mailto:owner-firewall-wizards () lists nfr net]On Behalf Of Marcus J.
: Ranum
: Sent: Wednesday, September 08, 1999 9:50 PM
: To: firewall-wizards () nfr net
: Subject: Re: Hardware vs. Software firewall reliability
:
:
: Bill Stout wrote:
: >I notice that more firewalls are of the hardware type.
:
: Yup. It's because vendors are sick of being tortured over operating
: system issues, so they choose to hide it. If you come out with an
: overtly UNIX product, the NT heads will scream until you make an NT
: version and then the various UNIX factions will bicker over which
: UNIX flavor and hardware you support.

The "black box" vendors, however, seem to have chosen (for the most part),
an Intel x86 CPU and some form of x86 Unix (FreeBSD and Linux primarily).
Take for example the Nokia/VPN-1 boxen.  At the core, they run what's
basically FreeBSD.  It's been significantly modified, but it's still FreeBSD
at the core.  Same goes for Internet Devices' (now Alcatel) Fort Knox.

Personally speaking, I love watching NT guys shriek in terror as they watch
me configure an NT box for use with FireWall-1.  I start by removing all of
those pesky network services like Server and Workstation.  They tell me how
NT won't work, that it needs those services just to boot.  Bzzzzz.  It's
really quite fun to watch the look of panic, and then the puzzlement when
you tell them that you just turned their precious NT box into an IP router that
happens to look like Windows....

--lart


