[164730] in North American Network Operators' Group


Re: which firewall product?

daemon@ATHENA.MIT.EDU (Owen DeLong)
Tue Jul 30 19:03:51 2013

From: Owen DeLong <owen@delong.com>
In-Reply-To: <CAP-guGV66EJebHOhkOuxAo7OcYbSt_Asa_nQSCysBdBQiq2eBw@mail.gmail.com>
Date: Tue, 30 Jul 2013 15:56:35 -0700
To: William Herrin <bill@herrin.us>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Aren't there appliance versions that are just iptables/linux under the hood?

For example, IPCop, IPFire, Smoothwall, Untangle, and Vyatta should fit the bill.

Owen

On Jul 30, 2013, at 13:00 , William Herrin <bill@herrin.us> wrote:

> Hi folks,
>
> I'm trying to identify a firewall appliance for one of my customers.
> The wrinkle is: it has to be able to inspect packets inside an IPIP
> tunnel and accept/reject based on IP address, TCP port number and
> standard things like that. On the packet carried *inside* the IPIP
> tunnel packet.
>
>
> From what I can tell, the Cisco ASA can't do this.
>=20
> Linux iptables can (with the u32 match module) but the customer wants
> an appliance, not a server.
>
> What appliances do you know of that can do this? Is there a different
> Cisco box? A Juniper firewall? Anything else?
>
> Thanks in advance,
> Bill Herrin
>
>
> -- 
> William D. Herrin ................ herrin@dirtside.com  bill@herrin.us
> 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
> Falls Church, VA 22042-3004
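
The requirement discussed in this thread (accept or reject on the address and TCP port of the packet carried inside an IPIP tunnel) is sketched below as an added example; it is not code from either poster or from any product named here. The function names, the policy and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
import struct

IPPROTO_IPIP, IPPROTO_TCP = 4, 6

def parse_ipv4(buf):
    """Return (protocol, source address, payload) for one IPv4 header."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (buf[0] & 0x0F) * 4          # header length; IP options make it > 20
    if ihl < 20 or len(buf) < ihl:
        raise ValueError("bad header length")
    if struct.unpack("!H", buf[6:8])[0] & 0x3FFF:   # MF flag or fragment offset
        raise ValueError("fragment, cannot inspect reliably")
    return buf[9], ipaddress.IPv4Address(buf[12:16]), buf[ihl:]

def verdict(packet, allowed_src, allowed_ports):
    """ACCEPT only IPIP packets whose inner packet is TCP from allowed_src
    to a port in allowed_ports; anything unparsable is dropped."""
    try:
        proto, _, inner = parse_ipv4(packet)        # outer (tunnel) header
        if proto != IPPROTO_IPIP:
            return "DROP"
        proto, src, seg = parse_ipv4(inner)         # inner (carried) header
        if proto != IPPROTO_TCP or len(seg) < 4:
            return "DROP"
    except ValueError:
        return "DROP"
    dport = struct.unpack("!H", seg[2:4])[0]
    return "ACCEPT" if src in allowed_src and dport in allowed_ports else "DROP"

# --- constructed sample packets (checksums left at zero) ---
def ipv4(proto, src, dst, payload, options=b""):
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(payload),
                      0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + options + payload

def tcp(sport, dport):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)

ALLOWED_SRC = ipaddress.ip_network("198.51.100.0/24")   # hypothetical policy
ALLOWED_PORTS = {443}

def sample(inner_src, dport, options=b""):
    inner = ipv4(IPPROTO_TCP, inner_src, "203.0.113.10", tcp(40000, dport))
    return ipv4(IPPROTO_IPIP, "192.0.2.1", "192.0.2.2", inner, options)
```

Both header lengths are read from the IHL field rather than assumed to be 20 bytes, so IP options on the tunnel header do not shift the inner-header offsets.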


