Ron Johnson wrote:
On Thu, 2003-07-31 at 08:30, Rex Chan wrote:On Thu, Jul 31, 2003 at 08:50:21PM +0800, Robert Storey wrote:[snip]The advantage of hardware firewall - most likely speed - specialised hardware to deal with packet processing and the like.So if a P2-233 w/ 32MB RAM doesn't handle it, try something faster. If a GHz CPU w/ 256B RAM (dirt cheap!!) can't handle a T3 (45Mbps, 5.6MBps), something is wrong.
Many of the firewall appliances are considerably slower processors. iptable routing doesn't take a lot of RAM or CPU cycles.What requires more RAM/CPU is going to be DNS caching, DHCP, Squid, VPN -- All of these can be done with Linux and firewall distributions (ie: smoothwall, ipcop)
This is assuming you are under 256 users on a subnet. -- It was kinda like stuffing the wrong card in a computer, when you're stickin' those artificial stimulants in your arm. -- Dion, noted computer scientist