linux box or appliance

Can anyone suggest the pros of having a Linux box.. Debian 3.1 with iptables or IPCop versus something like a PIX 501 or AT AR440.. The cable modem would connect to the fw, then I would need a LAN for the desktop PC and a LAN for a web/mail server. The server would actually be more tied down than the desktop, as only web and mail ports would be open..

All I really need is to have the fw running NAT, denying everything bar web/mail, stopping SYN attacks and DoS and stuff..

The server I have is a fairly old rackmount with dual power supplies, so it's noisy, large and fairly power hungry, whereas an appliance is small, quiet and easy on the power.

Anything a Linux firewall can do that a PIX can't?

Flamer.

Reply to
die.spam

Depending on your electric rates, an old desktop PC could cost you (or somebody) $10US/mo to operate. Your server sounds like it's much more than that.

An old laptop is much better from this POV and it has a compact kbd and screen that fold up and hide when not needed.

Reply to
Al Dykes

Hi Flamer,

I suggest switching to a UTM (Unified Threat Management) appliance instead of using legacy firewalls like the PIX-501 or PIX-506.

They have greater value at almost the same cost, and you will get extras: Anti-Virus, IPS, Content filtering, Anti-Spam... all in one box!

Panda,


Reply to
Panda

Greater flexibility. You can easily add/remove interfaces (for changes in network topology, e.g. adding DMZs), run services on the box (which is usually a not-so-good idea, but may be okay depending on the actual network setup you have), add/remove filters for network or application layer, etc.

The downsides are that it usually doesn't run out-of-the-box and will probably be more power-consuming than firewall appliances.

AFAICS any of the solutions you mentioned above will meet these requirements.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

Thanks for the replies. I guess I want to try and avoid using the rack server if possible without losing any functionality. Also, the server has only one PCI slot and one onboard 10/100, so a dual port ethernet card would be required, which are generally pretty pricey.. Where I live a 2nd hand PIX 501 is $450 though, so not cheap either.

Flamer.

Reply to
die.spam

Pix 501 and 506 models have only two physical network interfaces.

Wolfgang

Reply to
Wolfgang Kueter

Yeah, good point, they only have inside and outside interfaces with an integrated 4 port switch.

Flamer.

Reply to
die.spam
