On 3 May 2007 09:17:01 -0700, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I have some time to come up with a new firewall/router/vpn solution
> for our datacentre, and I'm considering a shiny new server with
> OpenBSD and pf instead of a costly PIX. On the part of our network
> that I'm doing this for we might see maximum 20Mbit/s unencrypted
> traffic.
>
> Is anyone using an OpenBSD/pf solution in a production environment
> like this? What hardware are you using? How's it holding up? :-)
>
> I'm fascinated to hear about anyone who has put the house on this
> combination and succeeded, and whether they've implemented hot
> failover etc.

I have a customer in VA with almost exactly the same throughput on a failover PF/CARP pair, protecting a few different pools of IIS/Apache webservers. The firewalls are running on commodity PC hardware (IronSystems A210 servers, IIRC). The important thing is to get quality network interfaces. These days, I'm not sure what is officially recommended, but I've always been happy with Intel (em).

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
