[ale] VPN choices...

Jonathan Rickman jrickman at gmail.com
Tue Mar 8 18:25:06 EST 2005


On Tue, 08 Mar 2005 17:48:26 -0500, Christopher Fowler
<cfowler at outpostsentinel.com> wrote:
> My question should draw a flame war.  When does an OSS solution like
> Linux with IP Filtering trump hardware like the Cisco PIX?  ISS?

Depends on the context of the deployment and the type of hardware the
Linux solution is based on. Remember, quite a few commercial systems
use Linux or BSD as a base. It's more a question of the capability of
the hardware than software in many circumstances. Once you get to a
certain point in the feature comparison matrix it comes down to who
has the most reliable/fast/smallest/etc hardware. It is there that
Linux on Intel starts to fall behind.

An extreme example:
http://cisco.com/en/US/products/hw/modules/ps2706/ps4452/index.html

A less extreme example:
http://sofaware.com/general.aspx?boneId=135&DTId=142&objId=94

Note the Checkpoint/Sofaware 225U. That little box with all those
features and performance that I have personally verified is about
$1700. You're gonna have a hard time putting together a more
full-featured and faster system for that money unless you resort to
eBay. At that point, we're talking junk...not business class hardware.

My experience is that most small to mid-sized companies with no more
than 5 sites are usually well served with a well-documented OSS
solution on commodity hardware, except in some special cases. Itty
bitty companies are better served by off-the-shelf appliances like the
Cisco PIX 501. Big companies want Cisco, Checkpoint, Sunscreen, etc.
There are, of course, exceptions to every rule.

--
Jonathan


