My competitors use Checkpoint Firewall. Can somebody guide me on how to convince my users that a Linux IPTABLES firewall is technically at par with a commercial firewall such as Checkpoint?
Also, if the same security policies are adopted for IPTABLES and Checkpoint, is IPTABLES technically at par with commercial firewalls?
I run sites with Linux firewalls, and I run sites using SonicWall SOHO 10s. During a client demo a year ago, I mentioned I did both, that each has their strengths and weaknesses, and at one site I did both in tandem. I use a standard set of rules in both sets of products, with customization where needed to fit particular client needs.
One customer wanted to know "what's the difference" between the commercial firewall appliance and the one I build using Linux. So out came my copy of nmap, and I showed how both types of systems prevented break-in attempts. The results were a little different with each product, of course, but the customer was convinced that "goodness" wasn't a selection criterion. Instead, he focused his attention where it was really needed, the workload and bandwidth the firewall had to handle.
(N.B.: How that one worked out: space was also a consideration, and the customer felt that the SOHO 50, the bigger brother to the SOHO 10, would fit physically better for his needs. I don't like notebook cases at all, even when I'm running Pentium 166 chips, so I didn't argue. If he had had the room for a 1U box, the Linux solution would have won, and may still win yet if he doesn't stop growing soon.)
--
If the automobile had followed the same development as the computer, a Rolls-Royce would today cost $100, get a million miles per gallon, and explode once a year killing everyone inside. --Robert Cringely