[142556] in North American Network Operators' Group
RE: Firewall Appliance Suggestions
daemon@ATHENA.MIT.EDU (Jean CLERY)
Mon Jul 4 19:00:03 2011
From: "Jean CLERY" <jean.clerymrs@gmail.com>
To: "'Curtis Maurand'" <cmaurand@xyonet.com>,
<nanog@nanog.org>
Date: Tue, 5 Jul 2011 00:58:51 +0200
In-Reply-To: <4E123368.7020602@xyonet.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Hi Blake
Try www.netasq.com
Regards,
Jean CLERY
-----Message d'origine-----
De=A0: Curtis Maurand [mailto:cmaurand@xyonet.com]=20
Envoy=E9=A0: lundi 4 juillet 2011 23:41
=C0=A0: nanog@nanog.org
Objet=A0: Re: Firewall Appliance Suggestions
On 6/30/2011 12:20 PM, Suresh Rajagopalan wrote:
> Linux + iptables + fwbuilder
>
>
>
> On Thu, Jun 30, 2011 at 8:50 AM, Blake T. Pfankuch<blake@pfankuch.me>
wrote:
>> Howdy,
>> I am looking for something a little unique in a bit =
of a
tough situation with some sticky requirements. First off, my =
requirements
are a little weird and I can't bend them a whole lot due to stipulations
being put on me. I am in need a firewall appliance which can be run on
VMware vSphere, with IPSEC support for multiple Phase 2 negotiations =
within
a single Phase 1. I am also in need of something that can support VLAN
interfaces on the LAN side, and ideally something with multi zoning so I =
can
keep LAN side networks separate from each without ridiculous firewall =
rules.
Meaning build a zone for "Customer network 1" and it displays separately
(ease of management and firewall config hopefully). I need a minimum of =
10
"zones" on LAN side (/29 or /30), and NAT support for LAN to WAN (to
dedicate all outbound connections to a single IP from a specific zone),
ideally something extremely scalable (100-200 zones). And here is the =
super
fun part! I need something that is going to be web managed primarily as
minions will be doing most of the day to day maintenance, or very simple =
CLI
config. Willing to pay for something if need be, but looking for =
something
that can easily handly 50-100mbit of throughput.
>>
>> Any Ideas?
>>
>> Thanks!
>>
>> Blake Pfankuch
>>
Vyatta. They have an appliance on their website.
--Curtis
