Re: all-in-one vs one-on-each (feat. Comercial vs FOSS)

[<korozion () koroded net>]

I would (personally) use pfSense.  It's FOSS however you can also purchase
commercial support if you so choose.  It supports CARP as well as a host of
other great features (which can be found here ...
http://www.pfsense.org/index.php?option=com_content&task=view&id=40&Itemid=43).

I'm sure there are other options available out there, however if it was me
in your situation I think this would be a perfect fit.  Again, you can have
it for free but still be able to use some of that money for support (and
perhaps the rest for beer and pizza, but that's another story).

-k

On Sat, 24 May 2008 17:38:12 +0200, Ansgar -59cobalt- Wiechers
<bugtraq () planetcobalt net> wrote:
> On 2008-05-24 Alex wrote:
> > I would like some opinions, again.
> > For a fixed budget would you go for
> >  * an all-in-one "Firewall" ( FW+IPS+VPN+...) ie. Checkpoint,
> >  * a dedicated, known and expensive firewall/gateway with the company of
> > an Open Source solution for IPS, URL filtering etc?
> >  * a full Open Source solution (iptables,snort,ossec,squid etc) and
> > spend the money elsewhere :)
> >
> > The things that concern me are,
> >
> > Redundancy. I can live without IPS for a while but not without Internet
> > ( and by "I" I mean "The Company")
> > Scalability. Not only performance-wise but cost-wise too. I think that
> > having to pay for every "extra feature" is going to lead to Open Source
> > anyway...
> > Complexity. Better to manage one than more, right?...
>
> The answer to your question depends heavily on the actual requirements,
> your network topology, your admins' expertise, and what kind of "fixed
> budget" you have.
>
> Regards
> Ansgar Wiechers
> --
> "All vulnerabilities deserve a public fear period prior to patches
> becoming available."
> --Jason Coombs on Bugtraq