Max Ashton wrote:
Hi,
Fact is, i didn't consider patient confidentiality in my earlier
response.
For insurance and liability purposes, you will be much better served
if you go with a commercial grade product, or at least have a
consultant firm (Note: Firm, not Joe from across the appartment
building) config the software for you.
I don't really hold much stock in appliances being cheaper to
maintain than PC based equipment. My Nokia cluster has had nodes fall
over before, and i pay Nokia and Checkpoint thousands of pounds a
year to maintain my equipment.
My Smoothwall at home, and the Gentoo based system i put in for a
friend have both got uptimes of several years, and have never been
compromised or gone down.
At the end of the day, the "Quality" of a firewall has to be balanced
with such beautiful things as "Accountability, Liability, and Risk".
Only when you understand what could go wrong can you decide how much
you need to spend.
I don't know the exact layout of your network, but i'm going to
change my hat, and agree with my colleagues earlier in the thread.
Netscreen, Juniper, whoever.
Regards,
Max Ashton
I agree here that Confidentiality and Liability are very important
issues when dealing with HIPPA compliance. But let's not lose sight of
what the OP was asking. He/she was inquiring about a firewall. A
firewall's primary responsibility is to filter ingress/egress traffic.
The more bells and whistles you can get for your money the better; I
agree that Juniper is best bang for the buck. But if you are going to
supplement your firewall with IDP's or IDS's and/or other controls
anyway, then OpenSource/GPL solutions will work just the same. The Home
Edition of Astaro has a lot of features for free. Again, I personally
use Smoothwall for my small business clients. Maybe HIPPA Compliance
requirements can help you determine your "best" solution. You have to
compare the Cost of Ownership of all solutions as well. While sure, my
Smoothwall works great for me and has never given me any problems, if it
does go down I'll need to be able to support it. As it is the free
version, paid support is separate and would be required. If you don't
know what you're doing, you'll spend wasted hours troubleshooting. The
alternative, as is with commercial grade products, is that you buy the
solution and pay for support in advance. You don't have to think or try
to figure it out as you can just call tech support and make it their
problem. Sometimes this works fast, other times it takes more time than
it would to Google the problem. There are pro's and con's to each.
Good luck in your search!
JMB
