Ok, I've got a little time this week, so I thought I would take the lead from another thread and start this new thread.
So, here are the simple rules - no RFCs make any difference, no technical documents make any difference, etc...
After we get our basic features list set up/created, we'll start looking at what we consider a reasonable implementation vs what we want, so let's start with what we want first.
It's very simple: what do you consider to be the standard features for a firewall appliance?
1) A firewall should block all outbound by default (as shipped).
2) A firewall should block all inbound by default (as shipped).
3) A firewall should know the difference between protocols: HTTP and DNS as an example. Nothing should pass through a rule except the proper protocol it was configured for.
4) A firewall should support direct VPN connections to/from itself, as an end-point.
5) A firewall should have a real DMZ if it claims to have a DMZ - meaning that it should have a physical jack for a DMZ that is not part of the same network as the LAN.
6) A firewall with a DMZ/LAN should have no default rules allowing access between them.
7) A firewall should clearly log/report all traffic, in/out, and make it easy to determine if it was approved/unapproved, etc...
8) A firewall should be able to detect threats, internal and external, on any port, and block those attack origination locations from access.
9) A firewall should be able to allow the user to create rules that can be used to cause the blocking of hosts attaching via specific rule (ports) - this would be used to block access from hosts probing the firewall for open ports, or to block worms (TCP 1433/1434 as an example).
10) A firewall should provide for multiple subnets on any network interface.
11) A firewall should not have DHCP Service enabled on the LAN/DMZ by default.
12) A firewall should be certified as a firewall by some reputable authority.
Please feel free to add to this list.
Again, remember, this is not what is available, it's what YOU WANT in a firewall. We'll talk about what is reasonable and available later.
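As an added illustration (not part of the original post, and not any vendor's shipped configuration), here is how most of the wishlist above maps onto a concrete ruleset, written for Linux nftables. The interface names wan0, lan0 and dmz0, the WireGuard port 51820, and the set of allowed outbound services are assumptions chosen for the example. Items 1 and 2 are the `policy drop` defaults on every chain; item 3 is the per-protocol forward rules; item 4 is the VPN listener on the firewall itself; items 5 and 6 are the separate dmz0 interface with no lan0/dmz0 rule in either direction; item 7 is the log prefixes on both accepted and denied flows; item 9 is the dynamic block set fed by the worm-port rule. Items 10 through 12 (multiple subnets, DHCP defaults, certification) are appliance-level properties that a packet filter cannot express, so they are not shown.

```nft
#!/usr/sbin/nft -f
# Constructed example ruleset. Interface names and ports are assumptions.
flush ruleset

table inet fw {
    # Item 9: hosts that hit a probe/worm rule land here and are dropped
    # everywhere for an hour (entries expire automatically).
    set blocked {
        type ipv4_addr
        flags dynamic,timeout
        timeout 1h
    }

    # Traffic addressed to the firewall itself (item 2: default deny inbound).
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop
        ip saddr @blocked drop
        # Item 9: anything attaching via the worm ports (TCP 1433/1434) is
        # logged, added to the block set, and dropped.
        tcp dport { 1433, 1434 } add @blocked { ip saddr } log prefix "FW-PROBE " drop
        # Item 4: the firewall is itself a VPN end-point (assumed WireGuard port).
        iifname "wan0" udp dport 51820 accept
        # Item 7: every other inbound attempt is logged as unapproved.
        log prefix "FW-IN-DENY " drop
    }

    # Traffic crossing the firewall between interfaces.
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        ip saddr @blocked drop
        # Item 3: a rule only passes the protocol it was written for;
        # approved flows are logged so item 7 can distinguish them.
        iifname "lan0" oifname "wan0" tcp dport { 80, 443 } log prefix "FW-OUT-OK " accept
        iifname "lan0" oifname "wan0" udp dport 53 log prefix "FW-OUT-OK " accept
        # Items 5 and 6: dmz0 is its own physical segment and there is
        # deliberately no lan0 <-> dmz0 rule here; policy drop covers both directions.
        log prefix "FW-FWD-DENY " drop
    }

    # Traffic originated by the firewall itself (item 1: default deny outbound).
    chain output {
        type filter hook output priority 0; policy drop;
        oifname "lo" accept
        ct state established,related accept
        # Assumed minimum the appliance itself needs: DNS and NTP.
        udp dport { 53, 123 } accept
        log prefix "FW-SELF-DENY " drop
    }
}
```

Loaded with `nft -f <file>`, the ruleset can be checked against the list by reading the log prefixes: `FW-*-OK` lines are approved flows, `FW-*-DENY` lines are unapproved, and `FW-PROBE` lines show which hosts were added to the block set. Note that the `lan0`/`dmz0` separation is enforced purely by the absence of a rule, which is exactly the "no default rules between them" property item 6 asks for.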