Message-ID: <3AF00B61.F508D2A6@wmptl.com>
Date: Wed, 02 May 2001 09:28:01 -0400
From: Nathan Vidican
To: questions@freebsd.org
Cc: Rob
Subject: Re: IPFW versus Hardware firewalls

Rob wrote:
>
> Hi,
>
> I regularly administer some FreeBSD servers, and more recently (as specified
> in another email) I will be required to implement several firewalls.
>
> From what I 'hear' everyone seems to go the hardware based firewall route -
> with Cisco having the most well respected name (at least for marketing
> purposes).
>
> I like BSD, I have been very impressed with the stability and security of
> the system. We don't generally see NT boxes on our network with >100 days
> uptime, but this seems to be quite common with BSD. I would be interested in
> looking into using FreeBSD with IPFW for our firewalls - but I am interested
> in your opinions.
>
> What are the advantages of using IPFW over say Cisco's products? What are
> the disadvantages?
>
> What experiences have you had of using either?
>
> Are there any comparisons on the net?
>
> Many Thanks
> -Rob
>
> --------------------------------
> http://www.robhulme.com
> http://www.christianunion.org.uk
>
> "...and scantily clad females, of course. Who cares if it's below zero
> outside."
> -- Linus Torvalds
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

Personally, I take preference to using a BSD box over a hardware
firewall. Consider that all hardware firewalls have some sort of
software foundation to them, in many cases actually based on BSD code.
The biggest advantage, (as I see it), to a hardware based firewall as
opposed to a BSD box running as a firewall, is that it boots very
quickly, and usually from a ROM. Both offer similar features, (eg
pluggable hardware data encryption accelerators), with similar
capabilities. I find though, that a machine running BSD gives more
flexibility, and here's why:

- The machine can be used to do more than just packet filtering / NAT
- The interfaces are much cheaper than most proprietary stuff, (eg: NIC
  cheaper than Cisco ethernet module)
- Dependent upon the system used, you can have the capability to utilize
  more interfaces, (I have an OpenBSD based firewall with 5 10/100 NICs
  in it for example)
- P.C.s running as firewalls are generally much cheaper (this being the
  big one)

In terms of performance, I really do not know. I've never really dealt
with a 'dedicated hardware firewall', I have implemented packet
filtering (ip firewalling) on a Cisco router before though.

Just my two cents, but I'd stick with a BSD box to do the firewalling
for you.

Nathan Vidican
webmaster@wmptl.com
Windsor Match Plate & Tool Ltd.
http://home.wmptl.com/