There have been lots of good suggestions and so I will not re-iterate but I would like to bring up Disaster Recovery and Business Continuity as critical components. Are you able to recreate your configurations elsewhere (whether you go with open-source or a purchased system)? Firmin Charlot, MCSE, A+, Information Systems Manager Educational and Support Services 162 Student Services Building East Lansing, MI 48824 [log in to unmask] (517) 432-7541 Submit technical requests at http://help.ess.msu.edu/ -----Original Message----- From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Eric Weston Sent: Wednesday, March 05, 2008 8:43 AM To: [log in to unmask] Subject: [MSUNAG] firewall hardware I'm collecting opinions regarding hardware to use for a firewall. If you are interested in weighing in on this subject, I'm interested to hear your ideas. The hypothetical firewall is a purpose built OpenBSD box running OpenBSD Packet Filter (pf), on a box that bridges the outside world to a protected network of approximately 1000 nodes. The box needs to have a network interface for administrative access via ssh, and two high-throughput network interfaces to provide the "bridge" from the protected network to the internet. Given this general scenario, what sort of box might you purchase and/or assemble for this purpose? What elements would you consider critical? (architecture, interfaces, harddrive or alternative, CPU, etc..) Thanks, Eric Weston, Libraries