I also recommend Juniper products. Our college has been running a high-availability (active-passive) firewall configuration using Juniper (Netscreen) products for over 4 years now. -- Stephen Bogdanski Network Support College of Veterinary Medicine Michigan State University >>> On 3/5/2008 at 9:27 AM, <[log in to unmask]> wrote: > I highly recommend firewall products from Juniper. They are rock-solid > devices designed from the ground up to be firewalls, and have a great > track-record. I don't like using Linux/Unix as my firewall because (a) > software based firewalls are SLOW (b) unless your full time job is to > keep up with security on this box, there is a good chance that you will > be broken in. > > ACNS is deploying Juniper devices for the campus IPS, as well as for > department firewalls. I have nothing but good things to say about the > ACNS Security Group with regards to running our department's firewall. > > -Nick Kwiatkowski > MSU Telecom Systems > > -----Original Message----- > From: MSU Network Administrators Group [mailto:[log in to unmask]] On > Behalf Of Eric Weston > Sent: Wednesday, March 05, 2008 8:43 AM > To: [log in to unmask] > Subject: [MSUNAG] firewall hardware > > I'm collecting opinions regarding hardware to use for a firewall. If you > are interested in weighing in on this subject, I'm interested to hear > your ideas. > > The hypothetical firewall is a purpose built OpenBSD box running OpenBSD > Packet Filter (pf), on a box that bridges the outside world to a > protected network of approximately 1000 nodes. The box needs to have a > network interface for administrative access via ssh, and two > high-throughput network interfaces to provide the "bridge" from the > protected network to the internet. > > Given this general scenario, what sort of box might you purchase and/or > assemble for this purpose? What elements would you consider critical? > (architecture, interfaces, harddrive or alternative, CPU, etc..) > > > Thanks, > Eric Weston, Libraries