As stated before, most hardware firewall solutions are pretty much computers with a custom built OS wrapped around it. In a LOT of cases simply placing a dual or triple nic'ed computer running Linux/iptables or OpenBSD/PF will work (and will likely save you a few bucks too).

Thanks.

-----Original Message-----
From: Paul Donahue [mailto:[log in to unmask]]
Sent: Tuesday, March 01, 2005 8:18 AM
To: [log in to unmask]
Subject: Re: [MSUNAG] hardware firewall recommendations

Andrew,

I would have to agree with Dennis on this one. I am a huge fan of the NetScreen product line. Here at VMC we deployed 2 NetScreen 500's running in HA mode. This gives us an effective firewall up to 700Mbps, and VPN throughput at around 250Mbps. It is a very nice product however the model we use is significantly more expensive than your department is looking to pay for. The lower end models are much more affordable. The key to picking the right one is in the details Dennis mentioned.

When we first started planning ours we worked with Joe Budzyn at ACNS who was very helpful in helping us design our security plan. There are many options and configuration possibilities with the NetScreen product many of which are still a mystery to me.

I hope this helps.

Paul Donahue
Network/Security Manager/Programmer
CVM Information Technology Center
A227 VMC, Michigan State University
Phone: 353-5551 Fax: 432-2937

>>> dpk <[log in to unmask]> 02/28/05 02:24PM >>>
Mccormack, Andrew wrote:
> I have about 8 servers in my department that I want to protect using a
> hardware firewall. The department needs a hardware firewall priced between
> 700-1000, maybe a little more.
>
> Does anyone use a hardware firewall? Which ones do you recommend?

Any other criteria other than price? i.e. number of interfaces, interface speed, total throughput, stateful inspection, bridging/routing modes, etc.

Ultimately all firewalls are software, but for an "appliance" based firewall, I like Juniper's Netscreen products. They have enterprise features at a reasonable cost (in comparison to others). For GUI users, the administration interface is fairly intuitive and easy to use. I prefer the CLI, which works reasonably well.

dpk