[142557] in North American Network Operators' Group
Re: Firewall Appliance Suggestions
Tue Jul 5 00:52:26 2011
From: Peter Nowak <pnowak@batblue.com>
In-Reply-To: <CC75EEBF17C7374EA8309102B7B10C840C88A1@SHSBS.shenrons-house.local>
Date: Tue, 5 Jul 2011 00:50:45 -0400
To: Blake T. Pfankuch <blake@pfankuch.me>
Cc: "NANOG \(nanog@nanog.org\)" <nanog@nanog.org>
They don't have a VM yet - coming soon - but you may take a look at Palo Alto Networks. Having just a regular stateful firewall is not a good idea anymore...
Peter Nowak
On Jul 1, 2011, at 12:35 AM, Blake T. Pfankuch wrote:
> Normally I would agree with you as far as separate instances, however this will be in a situation where we pay ridiculous amounts for cpu and memory, so a single instance is what we are shooting for (remember those ridiculous requirements). I am planning to do some further testing with vyatta and pfsense. Thank you all for the on list and off list responses!
>
> -----Original Message-----
> From: Sargun Dhillon [mailto:sargun@sargun.me]
> Sent: Thursday, June 30, 2011 9:56 PM
> To: George Bonser
> Cc: Blake T. Pfankuch; NANOG (nanog@nanog.org)
> Subject: Re: Firewall Appliance Suggestions
>
> ----- Original Message -----
>> From: "George Bonser" <gbonser@seven.com>
>> To: "Blake T. Pfankuch" <blake@pfankuch.me>, "NANOG (nanog@nanog.org)" <nanog@nanog.org>
>> Sent: Thursday, June 30, 2011 11:30:53 AM
>> Subject: RE: Firewall Appliance Suggestions
>>
>>> Willing to pay for something if need be, but looking for something that can easily handle 50-100mbit of throughput.
>>>
>>> Any Ideas?
>>>
>>> Thanks!
>>>
>>> Blake Pfankuch
>>
>> I might also look at Vyatta. They have appliances or you can run the software on your own hardware.
>>
>
> I would not go with Vyatta if you're doing anything complex. The random bugs I've hit with their software are numerous. In the right hands, it's a powerful tool. And it seems to fit your solution really well.
>
> If I were in your shoes, I would install two instances that would handle the "edge" of the cluster, and then an instance per customer (lightweight, they sell a VMware image). Then use dynamic routing to direct traffic to the customer (assign each customer their own ASN, and peer with their instance). So, worst-case scenario, the NOC monkey only breaks one customer's gear.
>
> --
> Sargun Dhillon
> VoIP (US): +1-925-235-1105
Peter Nowak
Manager, Technical Services
Bat Blue Corporation | Integrity . Privacy . Availability
p. 212.461.3322 x3020 | f. 212.584.9999 | w. www.batblue.com
Bat Blue's AS: 25885 | BGP Policy | Peering Policy
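The edge/per-customer design Sargun describes above, written out as an added example that is not from the thread or from Vyatta's own documentation: one edge instance peers with one customer instance over a private ASN, and the import filter plus maximum-prefix limit bound what a broken customer instance can push into the edge. All ASNs, addresses, interface names and prefixes are made-up placeholders, and the `set` syntax is the Vyatta/VyOS-style command form, which should be checked against the release in use; `#` lines are annotations, not commands.

```vyatta
# --- Edge instance (assumed ASN 65000), one customer shown ---

# Dedicated point-to-point link towards customer A's instance
set interfaces ethernet eth1 vif 101 address 10.255.0.1/30
set interfaces ethernet eth1 vif 101 description 'to customer-A instance'

# Accept nothing from customer A's instance except its own allocation ...
set policy prefix-list CUST-A-IN rule 10 action permit
set policy prefix-list CUST-A-IN rule 10 prefix 192.0.2.0/24

# ... and send it nothing but a default route
set policy prefix-list DEFAULT-ONLY rule 10 action permit
set policy prefix-list DEFAULT-ONLY rule 10 prefix 0.0.0.0/0

# eBGP to the customer instance; each customer gets its own private ASN
set protocols bgp 65000 neighbor 10.255.0.2 remote-as 65101
set protocols bgp 65000 neighbor 10.255.0.2 description 'customer-A instance'
set protocols bgp 65000 neighbor 10.255.0.2 prefix-list import CUST-A-IN
set protocols bgp 65000 neighbor 10.255.0.2 prefix-list export DEFAULT-ONLY
set protocols bgp 65000 neighbor 10.255.0.2 default-originate

# If the customer instance starts leaking routes, drop the session
# rather than the whole edge: blast radius stays at one customer
set protocols bgp 65000 neighbor 10.255.0.2 maximum-prefix 10

# Session password so a mis-addressed box cannot peer by accident
set protocols bgp 65000 neighbor 10.255.0.2 password 'REPLACE-ME'

# --- Customer A's instance (assumed ASN 65101), the mirror side ---
set interfaces ethernet eth0 address 10.255.0.2/30
set protocols bgp 65101 neighbor 10.255.0.1 remote-as 65000
set protocols bgp 65101 neighbor 10.255.0.1 password 'REPLACE-ME'
# Announce only the customer's own allocation; the edge filters anyway
set protocols bgp 65101 network 192.0.2.0/24
```

Repeating the edge-side block per customer (new VLAN, /30, ASN and prefix-list) is what keeps one customer's instance from affecting the others, as the message suggests.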