[189125] in North American Network Operators' Group
Re: sub $500-750 CPE firewall for voip-centric application
daemon@ATHENA.MIT.EDU (Jared Mauch)
Thu May 5 20:27:36 2016
X-Original-To: nanog@nanog.org
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <CA+M5dWaXw5eF15VO1X+c7Nz7UPSy=pjSQ3fE-kDBLEVydRbwWw@mail.gmail.com>
Date: Thu, 5 May 2016 20:27:31 -0400
To: Javier J <javier@advancedmachines.us>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
> On May 5, 2016, at 4:52 PM, Javier J <javier@advancedmachines.us> =
wrote:
>=20
> I'm a fan of the EdgeRouterLite3
>=20
>=20
> I don't manage many small businesses networks anymore because we now =
do
> only 100% cloud and remote work but I started deploying them to all my =
old
> clients I still have on retainer.
>=20
>=20
> It is a wonderful solid set it, and forget it device and you can =
manage it
> with ssh (it is basically running a fork of Vyatta under the hood on =
Cavium
> hardware which is nice because it does lots of hardware offload like =
any
> other enterprise device.)
I=E2=80=99ll +1 the Edgerouter series. They are cheap and hit the right =
price=20
performance ratio for most homes.
You can do site-to-site IPSEC VPN stuff and easily SSH + tcpdump if =
necessary.
If you are looking for more complex blocking rules and services, you =
need to be
looking at something like the Deteque DNS service or the Cisco/OpenDNS =
services
instead to nuke outbound malware connections and such.
- Jared
