Network Security Firewalls

RE: Enterprise Gigabit Firewall

Subject: RE: Enterprise Gigabit Firewall
Date: Wed, 22 Mar 2006 18:34:42 -0500
If I deploy an OpenBSD failover Internet edge router with OpenBGP and
something goes wrong in the middle of the night, I get fired. If I
spend twenty times as much money to deploy on Cisco 7206 routers and
something goes wrong, I get a free trip to San Jose where all sorts of
high-ranking Cisco employees give vague assurances that our problem
was a fluke, they value our business, and it will never happen again.

You said it yourself right there! 

I don't disagree with the open source solutions. I do however disagree with them 
in an enterprise environment. I have worked with 90% of the Fortune 100 companies 
and it's the same thing over and over. They try it, realize it's not going to 
work, and then they shelve it. I see more open source solutions that do work at 
the government level.

-----Original Message-----
From: "Kevin" <kkadow@gmail.com>
To: "firewalls@securityfocus.com" <firewalls@securityfocus.com>
Cc: "3shool@gmail.com" <3shool@gmail.com>
Sent: 3/22/06 6:18 PM
Subject: Re: Enterprise Gigabit Firewall

On 3/22/06, Richard St John <Richard.StJohn@gbe.com> wrote:
I can actually disagree with you. I know of a couple Fortune 500-1000 
companies that are basing their security posture on open source & free 
products. Two come to mind here in St. Louis.

In my experience, management in Fortune 500 companies tends to be
risk-averse, and prefers to spend big bucks on commercial products,
even if OSS could do the job, if only to have a scapegoat when the
project fails.


The rest I do agree with. I, personally, prefer the SideWinder G2 units 
because they can do all 4 of his options as well as the Gigabit requirements he 
has. As for load balancing, the eval we did last year brought us to separate 
vendor load balancing {firewalls and load balancing from different vendors} 
and we chose Radware just due to the throughput.

Same here -- Sidewinder G2 at GigE in failover clusters for smaller
sites, and behind Radware for only the very largest sites.


How do you plan on supporting an enterprise environment with all free 
products? Anyone working in a Fortune 500 company knows there is no tolerance 
for free programs.

I work in Fortune 500 companies, and there is tolerance for free (open
source) solutions, especially in the security sector.  The biggest
obstacle I face from management when recommending an open source
solution is the lack of pretty GUI interfaces, a 24x7 support contract
with a call center in India, and somebody (other than me) to point
fingers at when bad things happen.

Especially in the security sector. No support, no standards...

If I deploy an OpenBSD failover Internet edge router with OpenBGP and
something goes wrong in the middle of the night, I get fired.  If I
spend twenty times as much money to deploy on Cisco 7206 routers and
something goes wrong, I get a free trip to San Jose where all sorts of
high-ranking Cisco employees give vague assurances that our problem
was a fluke, they value our business, and it will never happen again.

and when it comes to compliancy assurance of the free program there
is just no way. I see your stance though, and would love if this were
feasible.

Regarding compliance and validation, why should I trust the word of a
firewall vendor that their closed-source BSD-based firewall is
compliant when I can instead use OpenBSD and have the benefit of
unrestricted access to the complete source code?


Kevin
