I also recommend Juniper products. Our college has been running a high-availability (active-passive) firewall configuration using Juniper (Netscreen) products for over 4 years now.
College of Veterinary Medicine
Michigan State University
>>> On 3/5/2008 at 9:27 AM, <[log in to unmask]> wrote:
> I highly recommend firewall products from Juniper. They are rock-solid
> devices designed from the ground up to be firewalls, and have a great
> track-record. I don't like using Linux/Unix as my firewall because (a)
> software based firewalls are SLOW (b) unless your full time job is to
> keep up with security on this box, there is a good chance that you will
> be broken in.
> ACNS is deploying Juniper devices for the campus IPS, as well as for
> department firewalls. I have nothing but good things to say about the
> ACNS Security Group with regards to running our department's firewall.
> -Nick Kwiatkowski
> MSU Telecom Systems
> -----Original Message-----
> From: MSU Network Administrators Group [mailto:[log in to unmask]] On
> Behalf Of Eric Weston
> Sent: Wednesday, March 05, 2008 8:43 AM
> To: [log in to unmask]
> Subject: [MSUNAG] firewall hardware
> I'm collecting opinions regarding hardware to use for a firewall. If you
> are interested in weighing in on this subject, I'm interested to hear
> your ideas.
> The hypothetical firewall is a purpose built OpenBSD box running OpenBSD
> Packet Filter (pf), on a box that bridges the outside world to a
> protected network of approximately 1000 nodes. The box needs to have a
> network interface for administrative access via ssh, and two
> high-throughput network interfaces to provide the "bridge" from the
> protected network to the internet.
> Given this general scenario, what sort of box might you purchase and/or
> assemble for this purpose? What elements would you consider critical?
> (architecture, interfaces, harddrive or alternative, CPU, etc..)
> Eric Weston, Libraries