RE: Intel vs. special purpose FW-1 servers

["Keith A. Glass" <salgak () speakeasy net>]

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of David Lang
Sent: Thursday, July 21, 2005 9:24 PM
To: Emily Conrad
Cc: firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] Intel vs. special purpose FW-1 servers

> there are valid arguments (on both sides) about managing the OS yourself 
> vs trusting the vendor to do all the OS changes (the appliance approach)


True.  If I'm going with a single stand-alone firewall, I'd homebrew it
using commodity gear.

I still lean towards the Nortel/Alteon platform, ***IF*** you're clustering
***and IF*** you're doing a lot of nets or DMZs and don't want to spend all
the remaining budget on high-end switching gear.  We do that, plus load
balancing, using 2 Alteon Directors and 2 Alteon Accellerators, and have
configurable switch ports on the Accellerators to spare.  We run NG AI R55,
and are starting to experiment with NGX (i.e. R60).

Then again, the PREVIOUS time I'd clustered Checkpoint, it was still V4, and
we had not, at the time, moved up to NG AI, and as such, needed a LOT of
Cisco fiddling to make it work. . .

-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.9.2/54 - Release Date: 7/21/2005
 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards