[olug] Linux versus Cisco PIX

Shawn Mattingly smattin at mimezine.org
Fri Sep 19 22:31:48 UTC 2008


If you are looking at a firewall appliance, a PIX is fairly inexpensive
to buy (if you are looking at the small ones at least) and costs less to
support over time than a Sonicwall, which if you insist on keeping up to
date with a support contract will cost almost as much per year as the
initial purchase of the device.  It's a great solution for a small
business, especially if you have to support IPsec LAN-to-LAN or limited
remote access VPN capability.

I've run Linux firewalls too and they are a great "free" solution if you
happen to have an old machine lying around and have the time to fiddle
with it.  However, your average 200W power supply in an old white box
system uses quite a bit more power than an appliance, and generates more
heat and noise.  Also, though you aren't paying money to an appliance
manufacturer to keep your box current with fixes for the latest
vulnerabilities, you will probably spend a whole lot more time monkeying
around with it to get it to do what you want and keep it up to date.

Both are great solutions, but the best one for you will depend on your
situation and how much money and/or spare time you have available.

Shawn

Ryan Stille wrote:
> Michael Peterson wrote:
>> If IPCop or CentOS or XYZ Linux are configured properly can they provide for
>> a temporary or permanent basis the same basic features as a Cisco PIX
>> Firewall device?
>>
>> Would anyone on the list recommend a specific Linux or Linux Firewall Distro
>> that you have in production or have used in production?
>>
>> Or would a basic Sonicwall be a better temporary or permanent solution?
>>   
> 
> I replaced one of our two PIXes with a small device running pfSense
> (similar to m0n0wall).  It's worked great so far, and has been much
> easier to administer than the old Cisco box.  The only problem I've had
> with it is that it can't be a PPTP server *and* allow outbound PPTP from
> the internal network.  Fairly easy to work around, and it's supposed to
> be fixed in the next version.  It does OpenVPN and IPsec as well.  We
> plan to get rid of the second PIX eventually and run everything through
> the one pfSense box.
> 
> These awesome little boxes with pfSense pre-installed are under $200:
> http://www.netgate.com/product_info.php?products_id=562
> 
> But before I got that I was just running it on an old PC and it worked 
> fine there, too.
> 
> -Ryan
> 
> 