On 4/30/06, Stuart Henderson <[EMAIL PROTECTED]> wrote:
> On 2006/04/30 06:34, S t i n g r a y wrote:
> > Now what I want to know, maybe is OT in this list,
> > but what is the difference, I mean pf in OpenBSD is
> > referred to as a firewall for home or small offices?
> > Why is that, I mean what is the criteria of an
> > enterprise firewall, what is the difference between pf &
> > MS ISA / Cisco PIX or Checkpoint?
> > Performance? Stability or features?
>
> marketing and a manager-friendly GUI.

To add more... I've used PF/CARP to deploy perimeter defense for
companies with users ranging from 1000+ to 4000+. Does that tell you
something?

Please don't fall into the trap of marketing crap like "Application
Layer Checks", "Deep Packet Inspection", etc. Nothing more than
proxies with too many false positives. Again, you can check if the
protocol abides by RFCs with enormous expense, but what use is it when
the embedded exploit code is not fully checked within the payload?
(check the archives why PF does not do this).

PF is powerful, efficient, and keeps it simple... you are better off
handling Application Layer checks closer to the crappy application
that is full of bugs.

_Raju
--
May the packets be with you.