From owner-freebsd-questions Tue Oct 23 6: 5:50 2001 Delivered-To: freebsd-questions@freebsd.org Received: from sage-american.com (sage-american.com [216.122.141.44]) by hub.freebsd.org (Postfix) with ESMTP id E28F237B403 for ; Tue, 23 Oct 2001 06:05:44 -0700 (PDT) Received: from sageone (ppp-208-191-234-207.dialup.crchtx.swbell.net [208.191.234.207]) by sage-american.com (8.9.3/8.9.3) with SMTP id IAA23585; Tue, 23 Oct 2001 08:05:36 -0500 (CDT) Message-Id: <3.0.5.32.20011023080612.00f12f38@mail.sage-american.com> X-Sender: jacks@mail.sage-american.com X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Tue, 23 Oct 2001 08:06:12 -0500 To: "Julian Morgan" , freebsd-questions@FreeBSD.ORG From: jacks@sage-american.com Subject: Re: REQUEST FOR COMMENT In-Reply-To: Mime-Version: 1.0 Content-Type: text/enriched; charset="us-ascii" Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG "we have had some crew question the overall effectiveness of security and other issues...." You might ask that "crew" guy what specifically (what gap?) is he concerned about rather than just a general concern. That remark could be applied to anything without something specific in mind. It's easy to simply criticize a system.... including special hardware too. At 04:48 PM 10.23.2001 +1000, Julian Morgan wrote: >>>> people - I am very dissappointed here and wanted your opinions.. I have helped set up a 7 site VPN between 2 states in Australia. 4 sites in Melbourne and 3 in Sydney.. The firewalls are running FreeBSD4.3 and communicate with Cisco 827 routes on ADSL 2meg/386K... After setting all this up and starting a fresh in learning FreeBSD over the past 8 months while the system has been running, we have had some crew question the overall effectiveness of security and other issues.. As a result they believe that it is better to get some certified hardware firewall that provider upgrades patches, instead of having a Unix product which is open source and requires patches all the time, updates ontop of the usual monitoring, and dedicate a person to basically be ontop of all seven sites all the time.... So besides the ISP sucking a little - it means we are going to have to upgrade the whole VPN system - and tear out the BSD boxes and get some hardware firewall!!!!!!!! hmm yet to see the doco on this equiptment... just wondered what your thoughts were Regards Julian ---------- Get your FREE download of MSN Explorer at <<'http://go.msn.com/bql/hmtag_itl_EN.asp'>http://explorer.msn.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message <<<<<<<< Best regards, Jack L. Stone, Server Admin Sage-American http://www.sage-american.com jacks@sage-american.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message