I highly recommend firewall products from Juniper. They are rock-solid
devices designed from the ground up to be firewalls, and have a great
track-record. I don't like using Linux/Unix as my firewall because (a)
software based firewalls are SLOW (b) unless your full time job is to
keep up with security on this box, there is a good chance that you will
be broken in.
ACNS is deploying Juniper devices for the campus IPS, as well as for
department firewalls. I have nothing but good things to say about the
ACNS Security Group with regards to running our department's firewall.
-Nick Kwiatkowski
MSU Telecom Systems
-----Original Message-----
From: MSU Network Administrators Group [mailto:[log in to unmask]] On
Behalf Of Eric Weston
Sent: Wednesday, March 05, 2008 8:43 AM
To: [log in to unmask]
Subject: [MSUNAG] firewall hardware
I'm collecting opinions regarding hardware to use for a firewall. If you
are interested in weighing in on this subject, I'm interested to hear
your ideas.
The hypothetical firewall is a purpose built OpenBSD box running OpenBSD
Packet Filter (pf), on a box that bridges the outside world to a
protected network of approximately 1000 nodes. The box needs to have a
network interface for administrative access via ssh, and two
high-throughput network interfaces to provide the "bridge" from the
protected network to the internet.
Given this general scenario, what sort of box might you purchase and/or
assemble for this purpose? What elements would you consider critical?
(architecture, interfaces, harddrive or alternative, CPU, etc..)
Thanks,
Eric Weston, Libraries
|