On Wed, 19 Feb 1997, Christian Bianchi wrote:
> I have to build a firewall. I have two chances:
> 1. Linux and Gauntlet Internet Firewall
> 2. Windows NT 4.0 and Checkpoint Firewall
> Can you give me any advice?

Sure can. Go with number one. With the money you save on not having to
buy NT, buy hardware for a hot-standby firewall.

At each layer of our firewall setup, we have a primary and a hot-standby,
with one running Linux and one running FreeBSD. (Well, the packet filters
will soon be using OSPF so that they can load share while providing
failover, but that's not quite done yet.) They both have their quirks,
but both have held up amazingly well on inexpensive hardware.

I can't overstate the benefits of having redundant hardware at every stage
in the firewall setup. If you need to work on a machine, you just yank it
out. And, of course, when it does fail, you can get by just fine.

The nicest part about it is that PC hardware is getting better at a much
faster rate than telecom gear is getting faster. T1s are still fairly
normal for medium-size office setups, but you can throw two or four P166s
with 64 MB of RAM at your firewall problem for an amazingly small amount

Anyway, as long as you're capable of running the Linux box, I'd say go
with it. NT's not worth the extra money.
Todd Graham Lewis Mindspring Enterprises tlewis @
From: webmaster @
ch (Christian Bianchi)