On 03/02/2010, at 8:49 PM, Stuart Henderson wrote:

> On 2010-02-01, Keith <[email protected]> wrote:
>> I've used OpenBSD & PF for a number of years without issue and am now in
>> the position that I want to create a dmz between the Internet and my
>> organisation's WAN. Our security people are asking if the firewall that
>> we use is accredited by ITSEC and I am pretty sure it isn't but it
>> turns out that our security people will be happy if the firewall is
>> accredited for use by another government!
>
> You could always put an accredited firewall behind the real one.
> This also means you can tick the 'multi-vendor' box.
>
> To reduce your management hassles you could just leave all ports open.

leave them open on the accredited firewall of course.

