Jason Dixon wrote:
> On Fri, Jul 11, 2008 at 06:47:13PM -0300, Martín Coco wrote:
>> Hi misc,
>> I'm currently looking for hardware alternatives for firewalls that
>> should have more than four NICs.
>
> Why could you possibly need 6 physical interfaces? Even if you have a
> failover pair of firewalls and switches, with a dedicated pfsync
> interface, you could get by easily with three interfaces. The first two
> interfaces are trunked, one to each switch. Use vlan(4) interfaces with
> carp(4) on top of that. Your third interface would crossover between
> firewalls for private pfsync traffic.

Hmmmm. "Why would you ever want to do that?" - really not a good thing
to say to someone... Saying that means you lack respect for the person
or lack imagination. "What are you using them for" is a better response.
I've frequently used 5 ports on my firewall for multiple isolated subnets.
I've had very good luck with any of a number of 4-port cards. Unfortunately,
the good ones are no longer made. I'm using a 4-sf card which is available
on the surplus market for $40 or so. The sf chip occasionally stops transmitting
(maybe 2 or three times a week) but the driver (with the latest fixes) catches
it.
The 4-dc card is better but harder to find.
Is there a requirement for low power or small form factor?
geoff steckel