[146309] in North American Network Operators' Group
Re: Firewalls - Ease of Use and Maintenance?
daemon@ATHENA.MIT.EDU (Jonathan Lassoff)
Tue Nov 8 23:47:58 2011
In-Reply-To: <E36EB8E60B5EB244AAFCFEF0AF0A116D0301794C40@MS-EX7MB-P03.corp.se.sempra.com>
Date: Tue, 8 Nov 2011 20:47:48 -0800
From: Jonathan Lassoff <jof@thejof.com>
To: "Jones, Barry" <BEJones@semprautilities.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
It really depends on what constraints you have. Do you care about:
cost? performance? support?

Personally, for cost-constrained applications of 1 Gbit/s or less
(assuming modestly-sized packets, not all-DNS for example), I like
OpenBSD/pf or Linux/netfilter and generic x86 64-bit servers.
It's cheap, deeply customizable and since everything touches a CPU, it
allows for deep traffic inspection.

The tradeoff is that there's no support from major vendors, but there
are many smaller but very experienced consulting shops that can
integrate any patches and fix any issues that may arise.

What kinds of things are you looking for?

Cheers,
jof

On Tue, Nov 8, 2011 at 3:06 PM, Jones, Barry
<BEJones@semprautilities.com> wrote:
> Hello all.
> I am potentially looking at firewall products and wanted suggestions as
> to the easiest firewalls to install, configure and maintain? I have a few
> small networks (50 nodes at one site, 50 odd at another, and maybe 20 at
> another). I have worked with Cisco Pix, ASA, Netscreen, and Checkpoint
> (Nokia), and each have strong and not as strong features for ease of use.
> Like everyone, I'm resource challenged and need an easy solution to stand
> up and operate.
>
> Feel free to ping me offline - and thank you for the assistance.
>
> ----------------------------------------
> Barry Jones - CISSP GSNA
> Project Manager II
> Sempra Energy Utilities
> (760) 271-6822
>
> Please don't print this e-mail unless you really need to.
> ----------------------------------------
>
>