RE: Firewall opinions wanted please

Depending on your chosen vendor the ACL cost is unlikely to be $0 - if you
steal CPU cycles from packet forwarding then you incur earlier router
upgrade costs and that has an NPV cost increase associated with it. It's just
not as obvious as an invoice for a firewall.


"Firewall" refers to access control. Firewall appliances are dedicated
machines that perform firewall functions.

ACLs on many router platforms are called firewalls. Juniper calls them
"firewall filters."

My personal context was covered in a reply I sent earlier in this thread
that read:

"Firewalls are logical interventions, costing as little as some processor
overhead. Dedicated appliances are only one deployment. Filters on
routers also qualify as firewalls."

So...I don't disagree with you at all...


On Wed, Mar 17, 2004 at 06:33:54PM -0000, Matt Ryan said something to the effect of: