On 5/8/13 12:10 PM, Mike Copeland wrote:
> Anyone have any experience, advice, for perimeter firewalls on a corporate
> network?
> I'm looking at the Cisco and the Fortinet devices. I don't need VPN or
> spam/virus filtering, just high volume throughput and stability.
> Currently using a Cisco (IOS) that, after a year or so of life, is hanging up
> randomly every 40 or 50 hours.
> Thanks for any feedback.

I build Linux firewalls from low-end Dell PowerEdge servers. It's like $700 plus 2-4 hours of my time. You get a very configurable firewall with high reliability/stability/security and volume throughput that I've never noticed to be less than acceptable.

The basic recipe is:

  Current Ubuntu LTS Server release (12.04 currently)
  apt-get install shorewall
  drop in and modify boilerplate interfaces, zones, policies, rules, masq
  I usually put an OpenVPN endpoint for me to connect through
  Failing OpenVPN, I'll open port 22 for SSH
  change /etc/default/shorewall to startup=1
  service shorewall start

Every week, either automatically or manually, do an "apt-get update; apt-get dist-upgrade" or apt-get install unattended-updates and configure to get the security updates.

I like using general Linux boxes for specific things like this because they can also pull double-duty as local caching DNS servers, DHCP servers, web proxies, etc. Also, I get all the maintenance fees instead of some third-party vendor. :)

I started building my own firewalls after getting fed up with every supposedly enterprise-grade firewall I tried at the time (2002 or so; I'm sure there are some superior commercial offerings today).

Paul
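
The "interfaces, zones, policies, rules, masq" step of the recipe above, sketched as an added example that is not part of the original post and not Paul's actual files. It stages a minimal two-interface Shorewall configuration in a scratch directory; the interface names (eth0, eth1), zone names (net, loc), LAN subnet and admin address are assumptions, and limiting Internet-side SSH to one source address is a choice made for this example.

```shell
#!/bin/sh
# Added example: stage a minimal two-interface Shorewall config for review.
# Assumed values (not from the post): eth0 = Internet side, eth1 = LAN side,
# LAN 192.168.1.0/24, admin host 203.0.113.10 (documentation address range).

write_shorewall_config() {
    dir=$1; wan=${2:-eth0}; lan=${3:-eth1}
    lan_net=${4:-192.168.1.0/24}; admin=${5:-203.0.113.10}
    mkdir -p "$dir" || return 1

    # zones: the firewall itself plus one zone per side
    printf '%s\n' 'fw   firewall' 'net  ipv4' 'loc  ipv4' > "$dir/zones"

    # interfaces: ZONE INTERFACE BROADCAST OPTIONS
    cat > "$dir/interfaces" <<EOF
net  $wan  detect  tcpflags,nosmurfs,routefilter,logmartians
loc  $lan  detect  tcpflags,nosmurfs
EOF

    # policy: first match wins, so the all->all catch-all must be last
    cat > "$dir/policy" <<EOF
loc  net  ACCEPT
\$FW  net  ACCEPT
net  all  DROP    info
all  all  REJECT  info
EOF

    # rules: exceptions to the policy; SSH from outside only from the admin host
    cat > "$dir/rules" <<EOF
SSH(ACCEPT)   net:$admin  \$FW
SSH(ACCEPT)   loc         \$FW
Ping(ACCEPT)  loc         \$FW
EOF

    # masq: INTERFACE SOURCE (NAT the LAN out of the Internet-side interface)
    echo "$wan  $lan_net" > "$dir/masq"
}

# Count policy entries placed after the all->all catch-all; anything other
# than 0 means those entries can never match.
policy_lines_after_catchall() {
    awk 'seen && NF && $1 !~ /^#/ {n++}
         $1 == "all" && $2 == "all" {seen = 1}
         END {print n + 0}' "$1/policy"
}
```

Running `shorewall check` against the staged directory validates it before anything is copied into /etc/shorewall.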

