On Fri, 2007-06-15 at 09:39 -0600, Steven Alligood wrote:
> "unlimited funds" and "1-4GB of traffic" being the key words here, I
> would strongly suggest a commercial product.
>
> You can do very well on the lower end traffic scale (a couple hundred
> MB/sec) with open source and PC hardware, but once you start throwing
> around some serious traffic, you will find that the commercial products
> just handle it better, often with very nice reporting tools.
>
> I am not saying that you cannot do it with non-commercial stuff, but you
> will have a lot more headaches dealing with that amount of traffic.

Yeah, I used to believe that too. Until I opened up our so-called professional product. This was a medium-end Cisco PIX. Turned out it had a Celeron processor in it and 3 ordinary, 100 Mb/s on-board NICs. And it's no different (except for a more powerful processor and gigabit NICs) on the higher end PIXes. A PCI bus is a PCI bus. Very few firewalls are anything but ordinary PC hardware. Slap a couple of gigabit, 64-bit cards (or PCI Express) in a beefy machine and you'll more than match the commercial solution. No really.

While it is true a router with ASIC hardware to do fabric switching is a far cry from sticking a bunch of NICs in a box, installing Linux, and calling it a router, I have not found the same idea to be true in the realm of over-priced, so-called hardware firewalls. I built a Linux firewall out of a Dell 1U server that handily matched if not beat a $10,000 solution in terms of throughput.

>
> -Steve
>
> Daniel wrote:
> > It sounds like pfSense is the way to go for the schools, given the
> > responses. Thank you.
> >
> > Now let's say you had to secure about 1-4GBs of traffic and you had
> > unlimited funds would you still go with pfSense or would you go with a
> > commercial solution like Juniper, or Cisco? Does anyone have
> > experience with a Juniper or any other commercial solution and
> > pfSense?
> >
> > -Daniel
> >
> > On 6/15/07, Lars Rasmussen <[EMAIL PROTECTED]> wrote:
> >> Look no further than pfSense for your firewall.
> >>
> >> I've been using pfSense since the alpha releases - I previously used
> >> m0n0wall. Before m0n0wall I was using a floppy disk to boot a Linux
> >> based firewall. I've used pfSense at work and at home.
> >>
> >> pfSense will let you enforce QoS (even has a wizard for prioritization
> >> of VoIP & common applications/traffic types). pfSense allows for
> >> failover & multiple WAN connections, and has multiple VPN types as
> >> part of the standard feature set.
> >>
> >> You can add features (packages) if you so desire. One of my Windows
> >> buddies still marvels at how he doesn't even think about his pfSense
> >> box - it just sits in the closet and runs.
> >>
> >> I am currently using pfSense at home with Comcast & Vonage; it allows
> >> me to coexist with BitTorrent nicely, and the pfSense project seems to
> >> have more active development than any of the Linux-based firewall
> >> projects.
> >>
> >> It is straightforward to install pfSense yourself, but you could
> >> alternately buy an appliance that contains no moving parts & likely
> >> increase your uptimes to years. Here's what the console portion of
> >> the pfSense installation looks like:
> >>
> >> http://www.metacafe.com/watch/584867/install_pfsense_1_2beta1/
> >>
> >> Configuration after this point is handled via the web interface.
> >> --
> >> Lars
> >>
> >> /*
> >> PLUG: http://plug.org, #utah on irc.freenode.net
> >> Unsubscribe: http://plug.org/mailman/options/plug
> >> Don't fear the penguin.
> >> */
