[thelist] Firewalls vs. Web Databases

Glenn Hunt ghunt at hds.ca
Thu Sep 20 14:48:33 CDT 2001

>I've always had an issue with people saying that
>dedicated (hardware-based) firewalls are superior to OS-based firewalls.
>When you get down to it, even dedicated firewalls are OS-based (PIX is
>IOS, NetRaptor is Unix, etc.). The reason dedicated firewalls are less
>failure-prone is because they come pre-configured and stripped of
>unnecessary hardware. Running a firewall off good server hardware and
>stripping off the crap (do you really need USB enabled on your firewall?
>etc.) has achieved *years* of uptime for me at a price usually half of
>dedicated solutions.. but that's just me :)

I agree - 90% of my firewalls are FreeBSD-based, and they all enjoy the
years of uptime you extol. The only advantage that I see with
hardware-based firewalls is that since the OS is in a ROM, they tend not
to get corrupted if something goes wrong. With no moving parts (e.g.
HDD), there is just less hardware to fail.

The flipside is that they are generally speaking not nearly as flexible,
and because everything is "hidden", it becomes difficult to diagnose

Glenn Hunt
ghunt at hds.ca

