"A firewall implements your security
policy. ... If you haven't made explicit decisions about
what you want the security policy to be, it's probably not the best
policy for your site, and it will certainly be difficult for you to
maintain it over time. In order to have a good firewall, you
need a good security policy--one that is written down and widely

"A firewall is not usually a single device.
Except in the most simple of cases, a firewall is seldom a single
device; it is usually a collection of devices acting in concert.
Even if you buy a commercial "all-in-one" firewall appliance,
you'll still have to configure other machines (your public web
server, for example) to work along with it. And these other
machines should really be regarded as part of the firewall."

"Firewalls are not off-the-shelf items.
Selecting a firewall is more like buying a house than choosing
where to go on vacation. Firewalls and houses are complicated, you
have to live with them every day, and you use them for more than
just a week or two. Both need to be maintained, otherwise the
weather gets to them or they fall apart. ..."