I use JuNOS Juniper for just this and it works well. However, I have not used the GUI for configuring it, but the command line is very usable.
However, if you have a NOC Monkey, I would be tempted to create your own front end for configuring stuff and have an XML interface to the real boxes.

--
Leigh

________________________________________
From: Blake T. Pfankuch [[email protected]]
Sent: 30 June 2011 17:45
To: -Hammer-; Claudio Salmin; [email protected]; William Cooper
Subject: RE: Firewall Appliance Suggestions

For those of you who responded quickly and usefully, do you have any experience with the CheckPoint/Juniper/Fortinet in an environment with multiple protected subnets running on VMware? Simple enough for a NOC monkey to make changes to without breaking assuming he has half a brain and a process in front of him to follow?

-----Original Message-----
From: -Hammer- [mailto:[email protected]]
Sent: Thursday, June 30, 2011 9:57 AM
To: [email protected]
Subject: Re: Firewall Appliance Suggestions

CheckPoint

-Hammer-

"I was a normal American nerd"
-Jack Herer

On 06/30/2011 10:50 AM, Blake T. Pfankuch wrote:
> Howdy,
> I am looking for something a little unique in a bit of a tough
> situation with some sticky requirements. First off, my requirements
> are a little weird and I can't bend them a whole lot due to
> stipulations being put on me. I am in need of a firewall appliance
> which can be run on VMware vSphere, with IPSEC support for multiple
> Phase 2 negotiations within a single Phase 1. I am also in need of
> something that can support VLAN interfaces on the LAN side, and
> ideally something with multi zoning so I can keep LAN side networks
> separate from each other without ridiculous firewall rules. Meaning
> build a zone for "Customer network 1" and it displays separately
> (ease of management and firewall config hopefully). I need a minimum
> of 10 "zones" on LAN side (/29 or /30), and NAT support for LAN to
> WAN (to dedicate all outbound connections to a single IP from a
> specific zone), ideally something extremely scalable (100-200 zones).
> And here is the super fun part! I need something that is going to be
> web managed primarily as minions will be doing most of the day to day
> maintenance, or very simple CLI config. Willing to pay for something
> if need be, but looking for something that can easily handle
> 50-100mbit of throughput.
>
> Any Ideas?
>
> Thanks!
>
> Blake Pfankuch

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________

