Date: Thu, 13 Jul 2006 06:56:14 -0400
From: Bill Moran <wmoran@collaborativefusion.com>
To: spock@dwinner.net
Cc: freebsd-questions@freebsd.org
Subject: Re: *bsd firewall appliance?
Message-ID: <20060713065614.75ab56ee.wmoran@collaborativefusion.com>
In-Reply-To: <44B61824.7030309@dwinner.net>
References: <44B61824.7030309@dwinner.net>
DW <spock@dwinner.net> wrote:

> Hi all,
>
> Just doing some early morning brainstorming, and my crazy thought of the
> day is this:
>
> My life would be so much easier if I could just get rid of my stupid PIX
> firewalls, and replace them with what I know and love: FreeBSD. It's not that
> the PIX's have been causing me problems or anything like that, it's just
> that I believe in streamlining whenever possible, and since we've
> already exterminated Microsoft in my server room for at least 3 years,
> the only thing left that's not running FreeBSD are my appliances
> (firewalls and switches) and 2 leftover legacy servers still running
> Redhat that haven't been worth the effort to migrate to FreeBSD. I'm a
> one-man shop, and I can survive using the PIX IOS when I have to, but
> would just as soon use BSD if I could. Questions:
>
> 1) If I did this, I would probably only do it if I could figure out how
> to rack up some diskless servers to my 2-post communications rack. Any
> thoughts on hardware candidates, etc.?
>
> 2) If I did this, maybe it would be wiser to go with OpenBSD instead,
> since it is known for security?
>
> 3) Any good tutorials on setting up diskless servers for Free/OpenBSD?
>
> 4) Any other considerations?

Keep in mind that PC hardware does not make good switching/routing
hardware for high loads. The way PCs are designed, you really can't put
more than 2 network cards in and expect any kind of performance.

If your PIX are serving simple gateway/firewall roles, then replacing
with *BSD on a PC is possible. If they have many interfaces, you'll find
that the PC hardware just can't switch packets at line speed, no matter
what OS you put on it.

> 5) Am I just being stupid and should I just keep my PIX's going? I know,
> I know, if it ain't broke, don't fix it.

No. Proactive is the way to go. People who wait around for things to
break are always fixing broken things.
--
Bill Moran

If you take sexual advantage of her, you're going to burn in a very
special level of hell. A level they reserve for child molesters and
people who talk at the theater.
	-- Shepherd Book