LinuxQuestions.org

Soft Firewall vs "Boxed firewall" (https://www.linuxquestions.org/questions/linux-security-4/soft-firewall-vs-boxed-firewall-506383/)

win32sux 12-04-2006 12:25 PM

@ gracon52

hi, i was just wondering what you have planned to do about data (not network) security and stuff... you will be encrypting the traffic between your remote locations, right (VPN, SSL, etc)??

BTW, i do agree with chort in that a commercial solution is many times a better option than DIY... of course it all depends on one's abilities and the boss's needs and stuff - and in the end you weigh the pros and cons of each option and make an objective decision...

that said, setting up some NAT iptables/netfilter firewalls is pretty straightforward stuff, and anyone with half-decent iptables/netfilter experience can tackle it... not sure how much experience you have with these things (although you did mention you have linux geeks in da house so maybe it doesn't even matter)...

jimbo1954 12-05-2006 03:29 AM

Ah Whatever, I was going to shut up, but this is a fertile discussion. Chort, you clearly know the subject and equally clearly have a view which I would be foolish to disregard. In many ways, I agree with what you are saying. I'm going to be picky here for a couple of lines: If the guy is posting to LQ, he has got his head round the Free Software idea, and the mere fact that he asks whether he should buy "tailor-made" or roll his own indicates to me that he has either the personal capacity to do the job, or some good folk behind him who can. Also, I assume he is talking "Institutions" as in "Academic", and at least here in the UK, that means "strapped for cash". Under those circumstances, I would sooner have him grow a very precisely built device which does what he wants for the budget he has, rather than buy a commercial box that, because of budgetary constraints, is not quite the solution, but "near enough", and continues to be a drain on his resources while not really being right.

From a completely different perspective, most, if not all, of the software that is currently available in Open Source owes its generation to those of us who you sort-of label as "hobbyists" (you wrote "If you want a fun hobby for the weekend, build your own netfilter firewall ....If you want to protect something of value, buy the firewall."). That is to a great extent a fair criticism, but without the barnstormers, like the folk who started Cisco, there would BE no product to commercialise and support professionally, etc etc.

The reason we are having this discussion, I think, is because you take the "sound commercial" line, I take the "Open Source Barnstormer" view, and what Gracon52 is asking falls very neatly between the two platforms. We may never agree, but I appreciate the reasons for your point of view, which is difficult to dismiss.


All times are GMT -5.