Firewall Wizards mailing list archives

RE: SCC buys Gauntlet


From: "Woeltje, Donald" <dwoeltje () sebh org>
Date: Fri, 22 Feb 2002 10:24:11 -0600

If I were you, I'd quit complaining and just use what you feel best suits
your organization, as there is obviously no convincing you that you might be
wrong. Regardless, as for the rest of this, I could provide you with an
equally equipped, equally powerful, equally stable CISC-based computer (a
"PC") at one fourth to one fifth the cost of a similarly equipped Sun
computer (I know this because I've done it time and time again; I build them
myself out of only the highest quality parts on the market; I have just such
a system at home (along with my other five computers) that has been running
non-stop (except for hardware additions or OS upgrades) without a failure
for the past 10 years). I've got one at my desk (the very computer that I'm
using right now) that would kick my Ultra 10's butt and has all the features
that you've listed (features that my Ultra 10 doesn't even have in it);
UltraSCSI RAID (Level 5), triple power supplies, serial management
interface, dual 1GHz processors, 4 GB's of RAM, over 300 GB's of disk space,
Fibre Channel RAID (Level 5), hot swappable drives for both the Fibre
Channel RAID subsystem and the UltraSCSI RAID subsystem, a high-end video
card, MPEG-2 decoder card, sound card, fiber gigethernet NIC, multi-port
modem card (six 56K ports), a 21" Mitsubishi DiamondScan monitor, and a BEST
Fortress 1425 UPS. And, with the exception of the Fibre Channel RAID 5
subsystem (which was a high-priced add-on from Raidtec), I built the whole
thing for one fourth what a similarly priced Sun would have cost. It's two
years old and I've never had a failure of any kind. Two years isn't very old
but then I've only been here a little over two years.

Now, it is true that Sidewinder doesn't support all the hardware that I put
into this server......but then who needs to put a Hollywood Plus MPEG-2
decoder card into a firewall? (for that matter, ordinarily, who would need
to put it into a server?; but then this server is also my
workstation.....not accepted practice but when funds are tight, you have to
make do with as much of what you have as is possible). In your other email,
you say that Sidewinder doesn't support GigEthernet. That's not true. It
most certainly does. It may not support the NIC that YOU want to use, but it
certainly does support GigEthernet. And if you have GigEthernet, you
certainly don't need Quad-port Ethernet cards. Besides, what are you
protecting with your firewall? Most people protect their trusted networks
(their internal network) from either a perimeter network ("DMZ") or an
untrusted network, directly (usually, the Internet). Do you have 20
T3's connecting you to the Internet? Because that's what you'd have to have
to make it worthwhile having GigEthernet interfaces in your firewall. If you
just have a T1 connection, then you'll never need anything more than just
10BaseT NIC's in your firewall. If you have a T3, then you'll never need
more than FastEthernet NIC's in your firewall.

I'm sorry, but it appears to me that your arguments simply don't stand up to
logical application. It appears that you are simply trying to find things
that Sidewinder can't do and then use that as the basis for your arguments.
But the simple fact is that I can prove to anyone, that wants to come onsite
and see for themselves, that a CISC-based computer can be constructed with
all the features (other than Reduced Instruction Set), power, and
reliability that you can find in a similarly equipped Sun but at one fourth
the price. And there isn't anything that you can do with a Gauntlet (that
you really need) that you can't do with a Sidewinder (and, in my opinion, a
Sidewinder is more secure).

-----Original Message-----
From: firewalls () msg net [SMTP:firewalls () msg net]
Sent: Thursday, February 21, 2002 6:30 PM
To:   ark () eltex ru
Cc:   firewall-wizards () nfr net
Subject:      Re: [fw-wiz] SCC buys Gauntlet

What's wrong with PC hardware? Things like Netra X1 are very close to PC's,
I'd say those are PCs with sparc CPU - same stuff, pci, ide, ...

They make a nice desktop, but I wouldn't deploy a Netra as a server,
much less as an enterprise firewall.

 We buy the 280R, a lower-end server grade system.


Why does it make so big difference for you?

(I explain this further in my other message to the list today)

Things like the RSC and the full remote serial console support from initial
power-up through POST through power-down make a big difference.

Features like RAID, redundant power-supplies, serial management interfaces,
true 64-bit kernels, multiple-CPU support (2,4, or 12 CPUs) solid SCSI
hardware and software including hot swap, FC-AL drives, and support for
gig interfaces can be obtained in the PC market (at a price), but are
all standard on modern Sun servers.


What I would like to see is for Secure Computing to port the best features
of Sidewinder into Gauntlet, using Sparc hardware and trusted Solaris 8/9
for 'mandatory access control'.

What I fear is that in order to continue to have support for our firewalls
two or four years down the road, we would be required to scrap the Sparc
hardware and migrate to a PC platform.

At that point we would need to seriously evaluate our options, including
switching to another firewall product that _will_ run on Sparc 64, or
developing our own in-house solution.

Kevin Kadow
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards