Firewall Wizards mailing list archives
Firewall "appliances" (was Re: External Load Balancing)
From: Kevin <kkadow () gmail com>
Date: Tue, 11 Jan 2005 19:32:22 -0600
On Mon, 10 Jan 2005 17:26:05 -0700, Mark Teicher <mht3 () earthlink net> wrote:
A majority of vendors who build appliances build it for one reason. They do not have to hire a bunch of highly skilled technical people for customer support. Provide a nice color glossy diagram with lots of circle and arrows, and the customer(s) are enjoying their appliance purchase, not unlike the early days of firewalls, where most companies stated: "Oh yeah our stuff works on that variant of Unix or Windows" But in reality, one needed a Phd to configure the underlying O/S just the right way before the firewall application could be installed, all this with technical support on the phone or on site.
No argument here. There are plenty of faulty "appliance" products, and plenty of "appliances" which, under the hood, turn out to be stock installations of Red Hat. In the case of firewalls, I'd argue that there is a difference in kind between a firewall appliance like PIX (running a minimalistic embedded OS which now exists solely to support PIX) and something like "Sidewinder" which is marketed as a firewall appliance but actually runs a highly customized version of BSD which has been stripped down to the point that it is not really useful for anything else. I'm not saying that one is "better" or "more secure" than the other, just that they are vastly different devices -- the PIX is what I'd term a "true appliance", while the Sidewinder is an "appliancized Unix". Each has strengths and weaknesses. With the PIX, there really isn't much of any underlying OS to configure. This limits functionality, but also eliminates the need for a Phd to fine-tune the finicky little bits under the hood. The downside being, you don't have the option of fine-tuning and customized the underlying OS if you so choose, but then, neither does an intruder. Kevin Kadow _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- External Load Balancing Richard St John (Jan 06)
- RE: External Load Balancing Peter Trembath (Jan 06)
- RE: External Load Balancing Wes Noonan (Jan 07)
- Re: External Load Balancing Dave Breiland (Jan 07)
- Re: External Load Balancing Leonardo Valcamonici (Jan 06)
- Re: External Load Balancing Kevin (Jan 09)
- Re: External Load Balancing Marcus J. Ranum (Jan 09)
- Re: External Load Balancing Mark Teicher (Jan 11)
- Firewall "appliances" (was Re: External Load Balancing) Kevin (Jan 14)
- Re: External Load Balancing Paul D. Robertson (Jan 14)
- Re: External Load Balancing Kevin (Jan 09)
- RE: External Load Balancing Peter Trembath (Jan 06)
- <Possible follow-ups>
- Re: External Load Balancing Richard St John (Jan 06)
- Re: External Load Balancing hutuworm (Jan 11)
- RE: External Load Balancing Warren Verbanec (Jan 07)
- Re: External Load Balancing John Hall (Jan 09)
- RE: External Load Balancing Joshua Thomas (Jan 11)