Since you already have a working UNIX firewall, there really is no
compelling reason to switch to an NT product unless some exec on high (or
really high exec ;>) is demanding the NT switch. The current generation of
NT firewalls (0.9) offers no advantages over their UNIX counterparts. We
have been going through some very heavy debating about what advantages we
feel would be appropriate to use in NT and not create an extra security
breach. There is also a very heated and long-running debate about whether
or not NT is an appropriate platform to run a firewall on.

In short: At this point in time a jump is not appropriate (if the money is
burning that bad of a hole in your pocket, hire a security consultant to
evaluate your current firewall). If you have an NT-based network then at
some point in the future (hopefully 8-12 months) feature sets will come
about on NT platforms that do give them a distinct advantage. Hopefully at
that time several of the security questions and snags will be worked out.
When that time comes I don't doubt that we will still be here pissing and
squabbling about the appropriateness of NT as a firewall, but don't worry,
most of us here are more than a little conservative and paranoid about

>From: Martin Marshall[SMTP:marshall @
>Sent: Thursday, June 06, 1996 1:18 AM
>To: Firewalls Mailing list
>Subject: NT Firewalls
>We currently have a Unix Firewall solution, we would like to move to an
>NT Firewall (If Possible).
>Could anyone let me know where to jump, if a jump is to be made at all!
>Any comments will be welcomed