For those of you who responded quickly and usefully, do you have any experience with the CheckPoint/Juniper/Fortinet in an environment with multiple protected subnets running on VMware? Simple enough for a NOC monkey to make changes to without breaking, assuming he has half a brain and a process in front of him to follow?
-----Original Message-----
From: -Hammer- [mailto:bhmc...@gmail.com]
Sent: Thursday, June 30, 2011 9:57 AM
To: nanog@nanog.org
Subject: Re: Firewall Appliance Suggestions

CheckPoint

-Hammer-

"I was a normal American nerd"
-Jack Herer

On 06/30/2011 10:50 AM, Blake T. Pfankuch wrote:
> Howdy,
> I am looking for something a little unique in a bit of a
> tough situation with some sticky requirements. First off, my requirements
> are a little weird and I can't bend them a whole lot due to stipulations
> being put on me. I am in need of a firewall appliance which can be run on
> VMware vSphere, with IPSEC support for multiple Phase 2 negotiations within a
> single Phase 1. I am also in need of something that can support VLAN
> interfaces on the LAN side, and ideally something with multi zoning so I can
> keep LAN side networks separate from each other without ridiculous firewall rules.
> Meaning build a zone for "Customer network 1" and it displays separately
> (ease of management and firewall config hopefully). I need a minimum of 10
> "zones" on LAN side (/29 or /30), and NAT support for LAN to WAN (to dedicate
> all outbound connections to a single IP from a specific zone), ideally
> something extremely scalable (100-200 zones). And here is the super fun
> part! I need something that is going to be web managed primarily as minions
> will be doing most of the day to day maintenance, or very simple CLI config.
> Willing to pay for something if need be, but looking for something that can
> easily handle 50-100mbit of throughput.
>
> Any Ideas?
>
> Thanks!
>
> Blake Pfankuch
>