2011/1/24 Hetz Ben Hamo <het...@gmail.com>

> Hi,
>
> I was wondering about the following scenario:
>
> I have 2 lines coming from 2 carriers, each line is a 2 Gbit internet
> connection. They go to a router, and then there should be a firewall..
>
> Here I have 2 choices:
>
> 1. Take a Cisco/Fortigate/Juniper/Whatever box, throw it in, configure it,
> and be done with it, while I need to pay some yearly license for updates.
> 2. Stick in some serious Linux server that will become the firewall.
>
> My question: based on what's available for Linux today (iptables, APF, BFD,
> you-name-it..) - could Linux be trusted as a very good firewall for a data
> center (as an example)? (I know that Checkpoint is using Linux, but they
> wrote some additional closed source modules, and I haven't heard of any
> alternatives to those modules in an open source version)
>
> I have read articles with people swearing that a Linux box should suit it while
> others highly recommended the appliances..
>
> What's your opinion?
> Hetz
>
> _______________________________________________
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

1. If you ever plan on hitting 2 Gbit on a Cisco, you'll need some heavy-duty firewalls ( http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html ) running you > $20,000
2. On the other hand, I don't know how much you're paying for 2 2Gbit links, so "heavy-duty" firewalls might be just a drop in the bucket...
3. I would recommend an appropriately scaled firewall appliance
4. If you plan to go with Linux, make sure iptables can actually handle that much bandwidth.

-Mike