Running Linux and Netfilter on Nokia IP series hardware
Check Point Software Technologies has the largest market share of any firewall vendor with their Firewall-1 (FW-1) product, and Nokia manufactures several hardware appliances together with an operating system called IPSO to run FW-1. IPSO is based on FreeBSD, provides advanced routing and failover capabilities and is extremely stable, with uptimes regularly running in the multiple hundreds of days. Nokia and Check Point together provide as close to a de facto standard for enterprise firewalls as possible in a field with such a diversity of security vendors. Of course, all of this comes at a price; Check Point makes a lot of money on both licensing fees and support contracts for Firewall-1. Then, as time marches on, Check Point stops supporting older versions of FW-1. This by itself does not force companies to upgrade to newer versions of FW-1, at least not until a security vulnerability or other bug is discovered. Firewall-1 is not open-source software and, hence, cannot be patched without Check Point's (paid) assistance.
[ Read more ]