Great Circle Associates Firewalls
(August 1996) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: NT Firewalling
From: peter @ baileynm . com (Peter da Silva)
Date: Tue, 13 Aug 1996 16:32:35 -0500 (CDT)
To: firewalls @ greatcircle . com
In-reply-to: <199608132035 . RAA02469 @ nutspgw . nutec . com . br> from "Fernando da Silveira Montenegro" at Aug 13, 96 05:43:06 pm 
> What I meant to say is that given current market pressure, vendors 
> are more likely to ship Intel support for NT only, or to do an NT 
> version before a UNIX version.

Should that happen then by all means go for the NT version. At the moment
and for the near future the UNIX version is coming out well before the
NT version, for those firewalls that even *have* an NT version, with very
few exceptions.

> I know it is not a firewall product, 
> but Netscape, for example, doesn't have a BSD/OS version of its Mail 
> Server 2.0, while there is one for NT.

If you're running Netscape software on your firewall you're in for a world
of pain, buddy. (mail server? Why would anyone consider buying a mail server
from Netscape anyway?)

> If you want a firewall 
> example, I'm almost sure Raptor only supports NT if I choose an Intel 
> platform.

Raptor has been an NT house since they moved their principle product
from the Amiga to the MIPS then DEC platforms, but if I was buying a Raptor
firewall I'd go with their Alpha based package... and dyke out the 386
executable support... simply to reduce the chance of someone slipping
a buffer overflow into my firewall and running code. If they have to be
smart enough to grok Alpha code as well it's an extra protection.

But why do I want to "choose an intel platform"?

I don't go looking at firewalls by saying "oh, let's go with intel" or "oh,
let's go with MIPS" or "oh, let's go with SPARC". I don't even go "let's go
with UNIX". If I had my druthers I would have a firewall that ran as an
embedded system with no underlying OS.

> Using a firewall example, what happens when vendors start shipping 
> SWAN support and my poor choice gets me nothing but maintenance 
> releases?

I assume that by "SWAN" you mean "Secure WAN" or "Virtual Network
Perimeters". Firewall-to-firewall encryption?

All the work on that's being done on UNIX, that I can tell by reading
papers and the like.

> Yes, no question about it, IF I'm using something like fwtk or
> ipfilterd. Last time I checked neither platform were supported by
> the firewalls I'm familiar with (TIS' and Raptor's).

If you're paying TIS prices then the extra few hundred bucks for BSDI
are negligable, and it'll still run on the same hardware.
Indexed By Date Previous: Looking for SYN packet generator.
From: Bill Stout <bill . stout @ hidata . com>
Next: RE: NT Firewalling
From: Mike Eddington <toranix @ ultranet . com>
Indexed By Thread Previous: Re: NT Firewalling
From: Ron DuFresne <dufresne @ winternet . com>
Next: RE: NT Firewalling
From: Mike Eddington <toranix @ ultranet . com>
Google
 
Search Internet Search www.greatcircle.com