I do. Your NOC Monkey reference is your biggest hurdle. What you are asking for is a bit beyond "traditional" so finding something with a pretty interface for a monkey may be tough. CheckPoint will require a fat client. If that is an issue....

-Hammer-

"I was a normal American nerd"
-Jack Herer



On 06/30/2011 11:43 AM, Blake T. Pfankuch wrote:
For those of you who responded quickly and usefully, do you have any experience 
with the CheckPoint/Juniper/Fortinet in an environment with multiple protected 
subnets running on VMware?  Simple enough for a NOC monkey to make changes to 
without breaking assuming he has half a brain and a process in front of him to 
follow?

-----Original Message-----
From: -Hammer- [mailto:bhmc...@gmail.com]
Sent: Thursday, June 30, 2011 9:57 AM
To: nanog@nanog.org
Subject: Re: Firewall Appliance Suggestions

CheckPoint

-Hammer-

"I was a normal American nerd"
-Jack Herer



On 06/30/2011 10:50 AM, Blake T. Pfankuch wrote:
Howdy,
I am looking for something a little unique in a bit of a tough situation with 
some sticky requirements.  First off, my requirements are a little weird and I can't bend them a 
whole lot due to stipulations being put on me.  I am in need of a firewall appliance which can be run 
on VMware vSphere, with IPSEC support for multiple Phase 2 negotiations within a single Phase 1.  I 
am also in need of something that can support VLAN interfaces on the LAN side, and ideally 
something with multi zoning so I can keep LAN side networks separate from each other without ridiculous 
firewall rules.  Meaning build a zone for "Customer network 1" and it displays separately 
(ease of management and firewall config hopefully).  I need a minimum of 10 "zones" on 
LAN side (/29 or /30), and NAT support for LAN to WAN (to dedicate all outbound connections to a 
single IP from a specific zone), ideally something extremely scalable (100-200 zones).  And here is 
the super fun part!  I need something that is going to be web managed primarily as minions will be 
doing most of the day to day maintenance, or very simple CLI config.  Willing to pay for something 
if need be, but looking for something that can easily handle 50-100mbit of throughput.

Any Ideas?

Thanks!

Blake Pfankuch
