The checkpoint and Pix Boxen are what we use here. But we also use ipchains to secure things at a host level. Scott C. McGrath On Thu, 14 Aug 2003, Drew Weaver wrote:
ipchains and similar firewalls are indeed far superior. I manage "real" firewalls as part of my responsibilities.
However the new microsoft policy will help protect the network from Joe and Jane average who buy a PC from the closest "big box" store and hook it up to their cable modem so they can exchange pictures of the kids with the grandparents in Fla. This is the class of users who botnet builders dream about because these people do not see a computer as a complex system which _requires_ constant maintenance but as a semi-magical device for moving images and text around.
----
I don't believe that many people really see ipchains as a real viable firewall. I think it is awesome, but in many corporations simply mentioning it gets you a stern eyeing. Of course these corporations can spend tons of money on Checkpoint and PIX boxen.
-Drew