This topic has come up before. You need to specify your security requirements by building an enterprise security policy before you can choose your tools to implement that policy.

PIX and other commercial firewalls give you a lot more than packet filtering and NAT. VPNs, log analyzers, clustering, and intrusion detection are some of the features you will not see in vanilla linux + iptables. If your policy needs these features, you can give your clients a proposal for your time to install, configure, and document a custom linux-based solution and compare that with the purchase, installation, and configuration of a PIX.

You may find that a Watchguard Firebox is your best bet, especially since it runs linux and iptables under the hood.

--
Ryan Hoegg
ISIS Networks

Mike Hull wrote:

>Does anyone know where I could find a comparison of linux+iptables vs
>cisco pix? I'm trying to convince a couple health care organizations to
>get linux boxes rather than cisco pix solutions. These people are stuck
>on cisco. Everything they have is overpriced cisco garbage. Personally,
>I have compared them, and I have had to replace cisco equipment with an
>iptables firewall. I don't think they're just going to take my word for
>it though.
>
>Thanks,
>Mike