We have found that the above configuration provides the best protection and the most
flexibility in dealing with a wide range of requirements. We do this with standards-based
public domain software (UNIX), which does not require a large licensing investment or lock
our client into a long-term investment with a single vendor.
The firewall consists of one PC running OpenBSD. A second PC providing email, DNS
and a web site, residing on the DMZ network provided by the firewall, is a good option.
The hardware investment for these two PCs is quite reasonable, and the hardware can be
easily expanded or enhanced to meet future requirements. We can monitor these systems,
customize their configuration and maintain (patch) their operating system remotely,
via SSH (Secure Shell).
Attempting to integrate a network's sole firewall into a general-purpose server (providing
other services) is a poor design option.