Firewall Wizards mailing list archives

Firewall "appliances" (was Re: External Load Balancing)


From: Kevin <kkadow () gmail com>
Date: Tue, 11 Jan 2005 19:32:22 -0600

On Mon, 10 Jan 2005 17:26:05 -0700, Mark Teicher <mht3 () earthlink net> wrote:
> A majority of vendors who build appliances build it for one reason.  They
> do not have to hire a bunch of highly skilled technical people for customer
> support.  Provide a nice color glossy diagram with lots of circles and
> arrows, and the customer(s) are enjoying their appliance purchase, not
> unlike the early days of firewalls, where most companies stated: "Oh yeah
> our stuff works on that variant of Unix or Windows"  But in reality, one
> needed a PhD to configure the underlying O/S just the right way before the
> firewall application could be installed, all this with technical support on
> the phone or on site.

No argument here.  There are plenty of faulty "appliance" products,
and plenty of "appliances" which, under the hood, turn out to be stock
installations of Red Hat.

In the case of firewalls, I'd argue that there is a difference in kind
between a firewall appliance like PIX (running a minimalistic embedded
OS which now exists solely to support PIX) and something like
"Sidewinder" which is marketed as a firewall appliance but actually
runs a highly customized version of BSD which has been stripped down
to the point that it is not really useful for anything else.

I'm not saying that one is "better" or "more secure" than the other,
just that they are vastly different devices -- the PIX is what I'd
term a "true appliance", while the Sidewinder is an "appliancized
Unix".  Each has strengths and weaknesses.

With the PIX, there really isn't much of any underlying OS to
configure.  This limits functionality, but also eliminates the need
for a PhD to fine-tune the finicky little bits under the hood.  The
downside being, you don't have the option of fine-tuning and
customizing the underlying OS if you so choose, but then, neither does
an intruder.

Kevin Kadow
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

