First of all, thanks to all of you that have replied.
I've thought of adding VLANs, and will be doing it in the future maybe,
but in our current situation, that's not possible; not all the switches
support this option, and there's still some concern about security
implications (especially in upper layers of the company).
This may be unfounded, but there is not much that I can do for the time
being, and keeping things "simple" by dividing networks physically does
it for us right now. I know that it means more cables, more switches,
etc., but we can also choose almost any kind of switch and do not need
to manage each switch in addition to the firewalls. I really don't want
to add to this discussion, but that's the way it's being done right now.
Anyway, thanks to everyone!
Martín Coco wrote:
Hi misc,
I'm currently looking for hardware alternatives for firewalls that
should have more than four NICs.
Currently we are buying R200s from Dell, but we have the 4 NIC
limitation. We could tell Dell to install a quad port NIC (in addition
to the two-port onboard card), but I haven't read good things about the
way they work.
I've also looked into Soekris, but they don't seem to have enough CPU
for what we want (this is pure speculation) as we also have intense
IPSec traffic on some of these firewalls (I've seen that some of them
could have encryption boards added to increase performance, but I don't
know if it works for any kind of protocol, or at what rate).
In any case, what I would like to have is firewalls with multiple NICs
(at least 6 NICs) *and* sufficient CPU to let IPSec work alright at
least at ~50Mbps (internal backbone firewalls). The multiple NICs are to
use trunk, pfsync, real network interfaces, etc.
Thanks,
Martín.