Re: [cobalt-users] Firewall on the RAQ

[cfb@xxxxxxxxxxx]

In another of couple of months, you'll have even more options, as
Checkpoint is porting their Firewall-1 product to the i386 Redhat 6.x
platform.  With any luck, I'll be screwing around with a beta in 
a little while (nah-na-nah-na-nah)....

And don't talk to me about the current state of linux firewalling; we'll
end up in a heated debate about why linux is still in its infancy in
that regard.  Besides, once you're e-commerce web site does get cracked,
despite having a firewall, your bank's insurance/fraud/security folks
are going to want to see logs... lots of them... better start burning
CDs.  FW-1 does a very nice job of logging to a central location.

...you don't want to know how much it costs, though.  In general, if
you're purchasing RaQ hardware and planning on installing Firewall-1,
the pricing inversion (software to hardware, in this case) is enough to
pay for three fully decked out '3is.  Most people I know who use
Firewall-1 and require a 1U form factor go for a Sun Netra T1 (not
because they want too or because they can, but primarily because
"hardware" capital is such a small part of their budget that it gets
lost somewhere well right of the third comma).

BTW, Cobalt, if you're listening, it would be a good idea to take some
notes from the Netra T1.  Personally, I think Sun cut the tolerances on
the chassie a little to close (it's almost impossible to get a quad
ethernet card in the damned thing), but the overall fit, finish and
thought put into the design wins big (too bad (but not for you) it costs
so much).  The ability to put 2 CPUs in 1U + a quad ethernet card makes
a lot of sense when you think in terms of encryption and firewalling
threads on separate processors.

> Mark Spieth wrote:
> You have 2 options,
>[...]