[142529] in North American Network Operators' Group
RE: Firewall Appliance Suggestions
daemon@ATHENA.MIT.EDU (Blake T. Pfankuch)
Thu Jun 30 12:43:55 2011
From: "Blake T. Pfankuch" <blake@pfankuch.me>
To: -Hammer- <bhmccie@gmail.com>, Claudio Salmin
<claudio.salmin@googlemail.com>, "nanog@nanog.org" <nanog@nanog.org>,
William Cooper <wcooper02@gmail.com>
Date: Thu, 30 Jun 2011 16:43:07 +0000
In-Reply-To: <4E0C9CC2.4060605@gmail.com>
For those of you who responded quickly and usefully, do you have any experience with the CheckPoint/Juniper/Fortinet in an environment with multiple protected subnets running on VMware? Simple enough for a NOC monkey to make changes to without breaking, assuming he has half a brain and a process in front of him to follow?
-----Original Message-----
From: -Hammer- [mailto:bhmccie@gmail.com]
Sent: Thursday, June 30, 2011 9:57 AM
To: nanog@nanog.org
Subject: Re: Firewall Appliance Suggestions
CheckPoint
-Hammer-
"I was a normal American nerd"
-Jack Herer
On 06/30/2011 10:50 AM, Blake T. Pfankuch wrote:
> Howdy,
> I am looking for something a little unique in a bit of a tough situation
> with some sticky requirements. First off, my requirements are a little
> weird and I can't bend them a whole lot due to stipulations being put on
> me. I am in need of a firewall appliance which can be run on VMware
> vSphere, with IPSEC support for multiple Phase 2 negotiations within a
> single Phase 1. I am also in need of something that can support VLAN
> interfaces on the LAN side, and ideally something with multi zoning so I
> can keep LAN side networks separate from each other without ridiculous
> firewall rules. Meaning build a zone for "Customer network 1" and it
> displays separately (ease of management and firewall config hopefully).
> I need a minimum of 10 "zones" on LAN side (/29 or /30), and NAT support
> for LAN to WAN (to dedicate all outbound connections to a single IP from
> a specific zone), ideally something extremely scalable (100-200 zones).
> And here is the super fun part! I need something that is going to be web
> managed primarily as minions will be doing most of the day to day
> maintenance, or very simple CLI config. Willing to pay for something if
> need be, but looking for something that can easily handle 50-100mbit of
> throughput.
>
> Any Ideas?
>
> Thanks!
>
> Blake Pfankuch