RE: Multiple firewalls from different manufactureres

["Paul D. Robertson" <paul () compuwar net>]

On Wed, 26 Jan 2005 MHawkins () TULLIB COM wrote:

> "commodity pricing on firewalls"
>
> Am I the only one who fainted when I saw this?

You can get swanky 100Mb/s full duplex boxes for less than USD $1000, and
you can get a PC and add software for around 2x that with all kinds of
redundancy from a top-tier vendor.

That's way less than the ~$70,000 my first commercial firewall cost- and
I don't even want to think of what we paid for the last time I did a "we
need $quantity firewalls."  Funnily enough, when we did maintenance, we
dropped a $600 Linux PC in place with some proxies on it and *nobody*
noticed.  Low thousands of interactive users, low to mid tens of thousands
of e-mail users.

Sure, you can toke off the "need gigabit" crack pipe, "need
IPS/IDS/whatever's next" crack pipe, or whatever and spend waaay more
money, but it's quite possible to protect pretty large enterprises with
boxes that cost 1/20th of what they did back in the day.

These days, if you're spending big bucks for firewalls, it's because some
vendor's convinced you that you need some nebulous "management" foo that
really provides little to no value, or because you've been snowed by the
"need a cluster of sixteen firewalls all working together!" spiel.

Sure- there are exceptions, but in general relatively small and
inexpensive firewalls work perfectly well.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards