[189128] in North American Network Operators' Group
Re: sub $500-750 CPE firewall for voip-centric application
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Thu May 5 22:12:37 2016
X-Original-To: nanog@nanog.org
In-Reply-To: <8A0B1704-F3F8-4F2B-B0DE-9A35B0B3C9C0@puck.nether.net>
Date: Thu, 5 May 2016 22:12:33 -0400
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Jared Mauch <jared@puck.nether.net>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Thu, May 5, 2016 at 8:27 PM, Jared Mauch <jared@puck.nether.net> wrote:
>
> > On May 5, 2016, at 4:52 PM, Javier J <javier@advancedmachines.us> wrote=
:
> >
> > I'm a fan of the EdgeRouterLite3
> >
> >
> > I don't manage many small businesses networks anymore because we now do
> > only 100% cloud and remote work but I started deploying them to all my
> old
> > clients I still have on retainer.
> >
> >
> > It is a wonderful solid set it, and forget it device and you can manage
> it
> > with ssh (it is basically running a fork of Vyatta under the hood on
> Cavium
> > hardware which is nice because it does lots of hardware offload like an=
y
> > other enterprise device.)
>
> I=E2=80=99ll +1 the Edgerouter series. They are cheap and hit the right =
price
> performance ratio for most homes.
>
>
=E2=80=8Bcame here to say this, also they do v6, PD and all that jazz.=E2=
=80=8B
> You can do site-to-site IPSEC VPN stuff and easily SSH + tcpdump if
> necessary.
>
> If you are looking for more complex blocking rules and services, you need
> to be
> looking at something like the Deteque DNS service or the Cisco/OpenDNS
> services
> instead to nuke outbound malware connections and such.
>
>
=E2=80=8Balso agree whole-heartedly with this sentiment.y=E2=80=8B
