[142554] in North American Network Operators' Group


Re: Firewall Appliance Suggestions

daemon@ATHENA.MIT.EDU (Curtis Maurand)
Mon Jul 4 17:42:18 2011

Date: Mon, 04 Jul 2011 17:40:56 -0400
From: Curtis Maurand <cmaurand@xyonet.com>
To: nanog@nanog.org
In-Reply-To: <BANLkTik2iUgOScUTr=2Oo3Zib8EA2exkoQ@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 6/30/2011 12:20 PM, Suresh Rajagopalan wrote:
> Linux + iptables + fwbuilder
>
>
>
> On Thu, Jun 30, 2011 at 8:50 AM, Blake T. Pfankuch <blake@pfankuch.me> wrote:
>> Howdy,
>> I am looking for something a little unique in a bit of a tough situation with some sticky requirements.  First off, my requirements are a little weird and I can't bend them a whole lot due to stipulations being put on me.  I am in need of a firewall appliance which can be run on VMware vSphere, with IPSEC support for multiple Phase 2 negotiations within a single Phase 1.  I am also in need of something that can support VLAN interfaces on the LAN side, and ideally something with multi zoning so I can keep LAN side networks separate from each other without ridiculous firewall rules.  Meaning build a zone for "Customer network 1" and it displays separately (ease of management and firewall config hopefully).  I need a minimum of 10 "zones" on LAN side (/29 or /30), and NAT support for LAN to WAN (to dedicate all outbound connections to a single IP from a specific zone), ideally something extremely scalable (100-200 zones).  And here is the super fun part!  I need something that is going to be web managed primarily as minions will be doing most of the day to day maintenance, or very simple CLI config.  Willing to pay for something if need be, but looking for something that can easily handle 50-100mbit of throughput.
>>
>> Any Ideas?
>>
>> Thanks!
>>
>> Blake Pfankuch
>>
Vyatta.  They have an appliance on their website.

--Curtis


