On Aug 21, 2014, at 1:42 PM, G B via smartos-discuss <[email protected]> wrote:
> Here is my new thought. Replace my OpenBSD pf firewall physical server with
> a Joyent-brand ipf firewall zone.
>
> Then I can have the cable modem line go into the ipf firewall zone and have
> another physical cable go out from the ipf firewall zone to a physical switch
> for the internal servers.
>
> And the dmz can be handled virtually on the SmartOS server itself. The admin
> nic on the SmartOS server can go to the internal physical switch. This would
> allow me to remove 1 physical switch and a physical firewall.
>
> Does anyone do this or have any opinions or thoughts on this?
>

While I have a lot of respect for the developers of SmartOS/Solaris (I used to work @ Sun), I will still use a dedicated hardware firewall running OpenBSD. I've been using OpenBSD for years and I trust it more than I trust other options to do firewall/LB options. Maybe I'm overly paranoid; nah, forget that, I think I have the right level of distrust/paranoia/etc. :)

Years ago I took a SANS class in prep for the GCFW certification. I distinctly recall the instructor saying he knew of ways around the 3 leading commercial firewalls. Little tweaks to packets and they would sail through the device. It wasn't with their default configuration either; they were supposedly locked down tight.

I recently acquired some new-to-me servers (HP DL360 G5) that run SmartOS but unfortunately don't have the support for KVM, so Xen is going on a few for the times I need to run Windoze, Linux, etc. I'm going to be using 2 old G3 servers to run OpenBSD/PF in a clustered configuration.

I'm used to dealing with environments that demand at least 4 9s of uptime and dealing with clustering software like SCS and VCS. Using OpenBSD and various other bits, I'm able to create an HA firewall/LB setup which costs me nothing but the mental equity of putting it together.
:)

-Chad
