A Dedicated Firewall for a Small Town?

Posted by Cliff on Tuesday December 20, 2005 @07:53AM from the any-better-ideas dept.

Germ-X asks: "My city's IT Manager is proposing a dedicated firewall system to protect the IT infrastructure. The solution, that is going to be presented to the City Council, is based on Windows 2003 and Symantec Enterprise firewall. It will be running on an HP DL380 G4, and will cost the city about $13,000. Most of that amount will be going to software licenses. I don't know the features of Symantec Enterprise Firewall, I just think that the city could do much better going for an applicance kind of solution, even if they stay with Windows. What do you guys think? Any other ideas? Keep in mind that this is a small town and I don't think we can count on any big time sysadmins, like most of yourselves, being on staff."

1 of 75 comments (clear)

Min score:

Reason:

Sort:

OpenBSD? by m0rph3us0 · 2005-12-20 08:03 · Score: 5, Informative

I'd throw OpenBSD on there. And scale down the hardware a lot. You will run out of bandwidth on your bus before you run out of CPU. Get two boxes and run CARP for fail over. That way when you patch the box your whole network doesn't go down. Just get two uniprocessor boxes. Dual Dual cores is overkill, and Windows 2003 has a single TCP/IP stack so dual processors are almost pointless.