[142525] in North American Network Operators' Group


Firewall Appliance Suggestions

daemon@ATHENA.MIT.EDU (Blake T. Pfankuch)
Thu Jun 30 11:52:06 2011

From: "Blake T. Pfankuch" <blake@pfankuch.me>
To: "NANOG (nanog@nanog.org)" <nanog@nanog.org>
Date: Thu, 30 Jun 2011 15:50:57 +0000
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Howdy,
I am looking for something a little unique in a bit of a tough situation with some sticky requirements.  First off, my requirements are a little weird and I can't bend them a whole lot due to stipulations being put on me.  I am in need of a firewall appliance which can be run on VMware vSphere, with IPSEC support for multiple Phase 2 negotiations within a single Phase 1.  I am also in need of something that can support VLAN interfaces on the LAN side, and ideally something with multi zoning so I can keep LAN side networks separate from each other without ridiculous firewall rules.  Meaning build a zone for "Customer network 1" and it displays separately (ease of management and firewall config hopefully).  I need a minimum of 10 "zones" on LAN side (/29 or /30), and NAT support for LAN to WAN (to dedicate all outbound connections to a single IP from a specific zone), ideally something extremely scalable (100-200 zones).  And here is the super fun part!  I need something that is going to be web managed primarily as minions will be doing most of the day to day maintenance, or very simple CLI config.  Willing to pay for something if need be, but looking for something that can easily handle 50-100mbit of throughput.

Any Ideas?

Thanks!

Blake Pfankuch
