[142526] in North American Network Operators' Group
Re: Firewall Appliance Suggestions
daemon@ATHENA.MIT.EDU (-Hammer-)
Thu Jun 30 11:57:05 2011
Date: Thu, 30 Jun 2011 10:56:50 -0500
From: -Hammer- <bhmccie@gmail.com>
To: nanog@nanog.org
In-Reply-To: <CC75EEBF17C7374EA8309102B7B10C840C7E3A@SHSBS.shenrons-house.local>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
CheckPoint
-Hammer-
"I was a normal American nerd"
-Jack Herer
On 06/30/2011 10:50 AM, Blake T. Pfankuch wrote:
> Howdy,
> I am looking for something a little unique in a bit of a tough situation with some sticky requirements. First off, my requirements are a little weird and I can't bend them a whole lot due to stipulations being put on me. I am in need of a firewall appliance which can be run on VMware vSphere, with IPSEC support for multiple Phase 2 negotiations within a single Phase 1. I am also in need of something that can support VLAN interfaces on the LAN side, and ideally something with multi zoning so I can keep LAN side networks separate from each other without ridiculous firewall rules. Meaning build a zone for "Customer network 1" and it displays separately (ease of management and firewall config hopefully). I need a minimum of 10 "zones" on LAN side (/29 or /30), and NAT support for LAN to WAN (to dedicate all outbound connections to a single IP from a specific zone), ideally something extremely scalable (100-200 zones). And here is the super fun part! I need something that is going to be web managed primarily as minions will be doing most of the day to day maintenance, or very simple CLI config. Willing to pay for something if need be, but looking for something that can easily handle 50-100mbit of throughput.
>
> Any Ideas?
>
> Thanks!
>
> Blake Pfankuch