Re: Proverbial appliance vs software based firewall

[Mikael Olsson <mikael.olsson () clavister com>]

"Philip J. Koenig" wrote:
> The classic argument seems to be that dedicated-ASIC-based
> firewalls have at least a theoretical performance advantage.
> Various people have been saying, for example, that Checkpoint's
> days are numbered because stuff like Netscreen performs much
> better.

There is an interesting counter-argument:

If you buy a "software" package and install on a piece of hardware,
the ASIC based box will be much faster today, at ~5x the total price
of the "homegrown" solution.

However, in a little while, PCs will have caught up[1] or even bypassed
that ASIC based box. You can replace the PC hardware yourself for $2K. 
How much is a new ASIC based box?


/Mikael

$std_disclaimer: I work for a firewall vendor whose software mainly
runs on x86 architecture boxes.  This however does not mean that I had
these ideas spoon fed to me.  I can think for myself, thankyouverymuch :)

-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com

[1] PCI-X motherboards are making it out into standard server chassis 
    right now. PCI-X on a cool mobo does _really_ interesting things 
    to network throughput.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards