[189129] in North American Network Operators' Group
Re: sub $500-750 CPE firewall for voip-centric application
daemon@ATHENA.MIT.EDU (Warren Kumari)
Thu May 5 22:47:31 2016
X-Original-To: nanog@nanog.org
In-Reply-To: <8A0B1704-F3F8-4F2B-B0DE-9A35B0B3C9C0@puck.nether.net>
From: Warren Kumari <warren@kumari.net>
Date: Fri, 06 May 2016 02:47:17 +0000
To: Jared Mauch <jared@puck.nether.net>, Javier J <javier@advancedmachines.us>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Yeah, the EdgeRouter series do not suck.
Fast, stable, easy to manage (although the broken tab completion drives me
nuts ('sho ip route' should just work, I'm too old to retrain my
fingers...) - other than that they are great...
W
On Thu, May 5, 2016 at 8:28 PM Jared Mauch <jared@puck.nether.net> wrote:
>
> > On May 5, 2016, at 4:52 PM, Javier J <javier@advancedmachines.us> wrote=
:
> >
> > I'm a fan of the EdgeRouterLite3
> >
> >
> > I don't manage many small businesses networks anymore because we now do
> > only 100% cloud and remote work but I started deploying them to all my
> old
> > clients I still have on retainer.
> >
> >
> > It is a wonderful solid set it, and forget it device and you can manage
> it
> > with ssh (it is basically running a fork of Vyatta under the hood on
> Cavium
> > hardware which is nice because it does lots of hardware offload like an=
y
> > other enterprise device.)
>
> I=E2=80=99ll +1 the Edgerouter series. They are cheap and hit the right =
price
> performance ratio for most homes.
>
> You can do site-to-site IPSEC VPN stuff and easily SSH + tcpdump if
> necessary.
>
> If you are looking for more complex blocking rules and services, you need
> to be
> looking at something like the Deteque DNS service or the Cisco/OpenDNS
> services
> instead to nuke outbound malware connections and such.
>
> - Jared
>
>
