Linux Netfilter discussions
From: Matt Hellman <netfilter@taxandfinance.com>
To: ads nat <adsnat@yahoo.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: Is Linux IPTABLES firewall comparable with license Firewall
Date: Sun, 19 Oct 2003 19:36:21 -0500
Message-ID: <3F932E05.6040307@taxandfinance.com>
In-Reply-To: <20031018091807.26000.qmail@web20711.mail.yahoo.com>

ads nat wrote:
> Hi,
> I don't know whether this is the right list for my
> question.
> 
> I am facing a basic problem while convincing users. I
> have implemented an IPTABLES firewall on my Linux 8.0
> server. I am frequently asked by users which
> firewall/security measures are taken for my network.
> My competitors use Checkpoint Firewall.
> Can somebody guide me on how to convince my users that
> Linux IPTABLES Firewall is technically on par with
> commercial firewalls such as Checkpoint?
> 
> Also, if the same security policies are adopted for
> IPTABLES and Checkpoint, is IPTABLES technically on
> par with commercial firewalls?
> 
> Thanks

netfilter is best suited for configurations in small to medium 
enterprises IMHO (it is also an excellent host based firewall). 
Commercial firewalls have significant advantages...they come out of the 
box with top-notch GUI management capabilities, fail-over, VPN and 
application-level services which support multiple authentication 
sources.  Some of this can be accomplished on a netfilter box, but not 
without significant effort to configure and maintain.

The greatest advantage netfilter has is that it runs on a Linux box 
which gives it a tremendous amount of flexibility.  You can do some 
things on a Linux box that you wouldn't dream of on a commercial 
firewall. Of course, some see this as a distinct disadvantage compared 
to an appliance;-)

Anymore, I'm having a tough time recommending a PC running Linux versus 
some of the entry level commercial firewalls, like a Pix, that can be 
had for under $1000, if for no other reason than that it will be FAR less 
likely to have a hardware failure. If your customers aren't 
satisfied with your using netfilter on Linux, buy an inexpensive Cisco 
Pix...I'm sure the name "Cisco" will impress them;-)

Good luck,
Matt


