They don't have a VM yet - coming soon - but you may take a look at Palo Alto Networks. Having just a regular stateful firewall is not a good idea anymore...
Peter Nowak

On Jul 1, 2011, at 12:35 AM, Blake T. Pfankuch wrote:

> Normally I would agree with you as far as separate instances, however this
> will be in a situation where we pay ridiculous amounts for cpu and memory, so
> a single instance is what we are shooting for (remember those ridiculous
> requirements). I am planning to do some further testing with vyatta and
> pfsense. Thank you all for the on list and off list responses!
>
> -----Original Message-----
> From: Sargun Dhillon [mailto:sar...@sargun.me]
> Sent: Thursday, June 30, 2011 9:56 PM
> To: George Bonser
> Cc: Blake T. Pfankuch; NANOG (nanog@nanog.org)
> Subject: Re: Firewall Appliance Suggestions
>
> ----- Original Message -----
>> From: "George Bonser" <gbon...@seven.com>
>> To: "Blake T. Pfankuch" <bl...@pfankuch.me>, "NANOG (nanog@nanog.org)"
>> <nanog@nanog.org>
>> Sent: Thursday, June 30, 2011 11:30:53 AM
>> Subject: RE: Firewall Appliance Suggestions
>>
>>> Willing to pay for something if need be, but looking for something
>>> that can easily handle 50-100mbit of throughput.
>>>
>>> Any Ideas?
>>>
>>> Thanks!
>>>
>>> Blake Pfankuch
>>
>> I might also look at Vyatta. They have appliances or you can run the
>> software on your own hardware.
>
> I would not go with Vyatta if you're doing anything complex. The number of
> random bugs I've hit with their software are numerous. In the right hands,
> it's a powerful tool. And it seems to fit your solution really well.
>
> If I were in your shoes, I would install two instances that would handle the
> "edge" of the cluster, and then an instance per customer (lightweight, they
> sell a VMWare image). Then use dynamic routing to direct traffic to the
> customer (assign each customer their own ASN, and peer with their instance).
> So, worst case scenario, the NOC monkey only breaks one customer's gear.
>
> --
> Sargun Dhillon
> VoIP (US): +1-925-235-1105

Peter Nowak
Manager, Technical Services
Bat Blue Corporation | Integrity . Privacy . Availability
p. 212.461.3322 x3020 | f. 212.584.9999 | w. www.batblue.com
Bat Blue's AS: 25885