
RE: [FW1] Re: Firewall-1 on AIX




On Thu, 9 Sep 1999, Hal Dorsman wrote:

> Some valid comments, however, the part that bothers me are your comments
> (made several times) that AIX is not UNIX.  AIX is most definitely UNIX.  It
> is just more BSD than System V.  If you are used to System V, like Solaris,
> AIX would seem a little foreign,  but to assume that because it is
> different, that it is "not real UNIX", only proves your ignorance of
> UNIX.

Touched a nerve, did I?

AIX is based on UNIX System V release 3, not SVR4. AIX is not and has
never been based on BSD. Refer to IBM's original porting license from
AT&T.

Among traditional UNIX sys admins, AIX is widely considered to 'not' be
true UNIX. The principal reason for this is the ODM. The ODM both empowers
and limits. Mostly, from traditional UNIX SAs' perspective, it limits more
than it empowers. OTOH, from the perspective of novice or inexperienced
SAs, it empowers, enabling them to perform many (though not all) of the
same tasks that would be performed on more traditional UNIX platforms by
experienced SAs in a timely manner.

An example, Mr. Dorsman. Some years ago I had the privilege of
administering a state of the art RS/6000 with IBM's latest and greatest AIX
which was, I think, AIX 3.1. One day I received a frantic phone call from
one of our accounting folks who had sent an enormous print job to the
wrong printer. No problem I thought, I'll just use lpmove. Hmmm, turns out
AIX doesn't have an lpmove - at least it didn't have one back then. Now if
SunOS hadn't had an lpmove, it still wouldn't have been too much of a
problem, but since it was AIX and everything was stored in the ODM (Object
Database Manager for those unfamiliar with the AIX ODM), traditional
solutions were not possible. I did not possess the structure to the ODM
databases. I had to call IBM, get the appropriate headers and sit down and
write a 'C' program to effect the lpmove. I'm sure I'm probably not the
only one to run into this or similar problems with AIX and the ODM.

Of course, you may be right, I probably don't know much about UNIX.
Eighteen years is not very much time for a system administrator. I'm sure
there are folks who would claim that the PDPs I used to run were not real
UNIX boxen. Those RK05s were not real disk drives etc. *Shrug* (Boot from
paper tape? What?) Geez, I even remember runoff. 

> 
> Honestly, however, I do have both machines, a Sparc Ultra 5 running Solaris 7,
> and a 43P, running AIX 4.3, sitting side by side on my desk.  One for FW1
> management, one for Netview.  I would have to admit that I like Solaris better
> (except I really miss SMIT on that box), but snoop makes up for it in other
> ways.  Giving advice on which to choose for FW1, I would have to go with
> Solaris, but only because it is its native OS, not a port.  But for someone
> that runs an IBM shop, has expertise in AIX, and has local IBM support (IBM
> support is typically excellent),  I would most certainly recommend AIX.  The
> platform is rock solid, easy to manage, and runs FW1 very, very well.

IBM support is pretty good, as is Sun's. Sun just won top place award for
support I think from somebody. Both are good. Solaris is better for a
firewall - IMHO. I wouldn't want to excite you further...:) AIX though, is
not UNIX. UNIX is not just the set of commands in /usr/bin or /sbin or
files in /etc. UNIX is a philosophy as well as an Operating System. The
ODM tends to deviate from the UNIX philosophy as well as the de facto
standard for handling these system level databases. AIX is UNIX like, not
UNIX. Does AIX provide you some capabilities you wouldn't have on other
platforms? No, not really. Though it may make some things easier,
particularly for those not intimately familiar with the traditional UNIX
methods of system administration. Of course, it also, as I demonstrated
above, may make some things much more difficult. AFAIK, even IBM does not
claim AIX is UNIX do they? I'm not sure of that though and even if they
don't it probably has nothing to do with my reasons for declaring it not
to be UNIX. *Shrug* 

Well, I'd better get my cane and totter off to the old folks home. I
obviously don't have a clue what UNIX is anymore.

> 
> just my .02.
> 
> Hal
> 
> Hal Dorsman
> Data Network Engineer
> Blackfoot Telephone Cooperative
> Missoula, Montana, USA
> hdorsman@blackfoot.net
> (406) 541-5106
> 
> > -----Original Message-----
> > From:	John Horn [SMTP:jhorn1@desperate.ci.tucson.az.us]
> > Sent:	Thursday, September 09, 1999 1:07 PM
> > To:	Hal Dorsman
> > Cc:	'fw-1-mailinglist@lists.us.checkpoint.com'
> > Subject:	RE: [FW1] Re: Firewall-1 on AIX
> > 
> > 
> > 
> > 
> > You are correct, it wasn't fair. It was an expression of my own bias
> > against AIX - even though I administer several RS/6000s (S70s/S70As).
> > Still, AIX isn't UNIX - sort of UNIX like in some ways, but not real UNIX.
> > 4.3 is still AIX, not UNIX. It will probably run FW-1 fine. We run all of
> > our FW-1s on Sun Solaris SPARC because it is a real UNIX and Solaris is
> > cheaper than AIX, all Solaris licenses are for unlimited users always and,
> > particularly advantageous when operating a firewall, Solaris on SPARC
> > comes with a built in sniffer called snoop - which intercepts packets
> > before the firewall can filter them, very useful when debugging. All this
> > for much less cost than any comparable AIX and RS/6000 combination. And of
> > course, it is real UNIX, it does what it is supposed to do when a given
> > command is issued, it even has, of all things, man pages when installed.
> > The Solaris operating system isn't broken out into 49 different modules
> > each of which must be installed separately like AIX - or whatever the
> > number is.
> > 
> > My 2 cents.
> > 
> > 
> > On Wed, 8 Sep 1999, Hal Dorsman wrote:
> > 
> > > 
> > > John Horn wrote:
> > > 
> > > 	>Yes. Switch to Sun Solaris on SPARC...
> > > 
> > > 	That's not exactly fair, especially without any explanation or
> > > 	justification.  I ran FW 3.0 on AIX 4.2.1 for over a year, and it
> > > 	was extremely stable, and performed very well.  Only had to shut
> > > 	down once in the entire year, and that was because I had to
> > > 	relocate the machine.  Admittedly, it was not 4.3, so I can't comment
> > > 	about that on experience, but I can't imagine it would be any less
> > > 	reliable.  If you want to criticize, how about some facts?
> > > 
> > > 	Hal
> > > 
> > > 
> > > Hal Dorsman
> > > Data Network Engineer
> > > Blackfoot Telephone Cooperative
> > > Missoula, Montana, USA
> > > hdorsman@blackfoot.net
> > > (406) 541-5106
> > > 
> > > > -----Original Message-----
> > > > From:	John Horn [SMTP:jhorn1@desperate.ci.tucson.az.us]
> > > > Sent:	Tuesday, September 07, 1999 4:49 PM
> > > > To:	Mark_Brown@allianzlife.com
> > > > Cc:	fw-1-mailinglist@lists.us.checkpoint.com
> > > > Subject:	Re: [FW1] Re: Firewall-1 on AIX
> > > > 
> > > > 
> > > > On Tue, 7 Sep 1999 Mark_Brown@allianzlife.com wrote:
> > > > 
> > > > > 
> > > > > Hello,
> > > > > 
> > > > > 
> > > > > Does anyone have experience running Firewall-1 on AIX 4.3?
> > > > > If so do you have any comments/suggestions about Firewall-1 on AIX?
> > > > 
> > > > Yes. Switch to Sun Solaris on SPARC...
> > > > 
> > > > > 
> > > > > 
> > > > > Thanks,
> > > > > 
> > > > > Mark Brown
> > > > > Network Engineer
> > > > > Allianz Life
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > ================================================================================
> > > > >      To unsubscribe from this mailing list, please see the instructions at
> > > > >                http://www.checkpoint.com/services/mailing.html
> > > > > ================================================================================
> > > > > 
> > > > 
> > > > 
> > > > 
> > > > Regards:
> > > > 
> > > > John Horn
> > > > City of Tucson, IT Dept.
> > > > jhorn1@desperate.ci.tucson.az.us
> > > > 
> > > > 
> > > > 
> > > 
> > > 
> > > 
> > 
> > 
> > 
> > Regards:
> > 
> > John Horn
> > City of Tucson, IT Dept.
> > jhorn1@desperate.ci.tucson.az.us
> > 
> > 
> > 
> 



Regards:

John Horn
City of Tucson, IT Dept.
jhorn1@desperate.ci.tucson.az.us


