<div dir="rtl"><div dir="ltr">Hi Michael, <br><br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 .8ex;border-left:1px #ccc solid;border-right:1px #ccc solid;padding-left:1ex;padding-right:1ex"><div>
1. If you ever plan on hitting 2 Gbit on a Cisco, you'll need some heavy-duty firewalls ( <a href="http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html" target="_blank">http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html</a> ) running you > $20,000<br>
</div></blockquote><div><br></div><div>4 Gbit, not 2 :)</div><div> </div><blockquote class="gmail_quote" style="margin:0 .8ex;border-left:1px #ccc solid;border-right:1px #ccc solid;padding-left:1ex;padding-right:1ex"><div>
2. On the other hand, I don't know how much you're paying for 2 2Gbit links, so "heavy-duty" firewalls might be just a drop in the bucket...</div></blockquote><div><br></div><div>$20k a drop in a bucket? How much do you really think 2X2Gbit costs? Not that much ;)</div>
<div> </div><blockquote class="gmail_quote" style="margin:0 .8ex;border-left:1px #ccc solid;border-right:1px #ccc solid;padding-left:1ex;padding-right:1ex"><div>3. I would recommend an appropriately scaled firewall appliance</div>
</blockquote><div><br></div><div>There used to be a time when you could buy a firewall, do some updates periodically and be done with it. Today it's more about contracts. You buy the boxes, you pay a contractor to do the job for you (if you don't know how to do this), and then there's this yearly update service which costs you an arm and a leg and if something goes wrong with the vendor, you're left with an expensive brick. See my post <a href="http://benhamo.org/wp/?p=2256">here</a> for example.</div>
<div> </div><blockquote class="gmail_quote" style="margin:0 .8ex;border-left:1px #ccc solid;border-right:1px #ccc solid;padding-left:1ex;padding-right:1ex">
<div>4. If you plan to go with Linux, make sure IPtables can actually handle that much bandwidth. </div></blockquote><div><br></div><div>I will check that. I'll also check pfsense.</div><div> </div><div><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; "><div>
>Also - </div>>Many firewall appliances come with Active/Active and Active/Passive configurations. If you roll-your-own linux firewall, you'll need to mess with </span></div><div><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; ">>HSRP, VRRP, syncing configurations, syncing open connections, monitoring your connections, and a myriad of other things which a company </span></div>
<div><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; ">>who specializes in this sort of thing has already solved. </span></div><div><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; "><br>
</span></div><div><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; ">True, but when the Cisco/other boxed solution costs $20K, it might be a better idea to look for alternatives, maybe a distribution which has this or a solution that is based on Linux and has this solution covered. 2 HP G6 servers with dual Xeon cost about $6k, which can handle this traffic easily, and if I add contractor+solution costs, I could go to about $10k, that's 50% of the Cisco offer.</span></div>
<div><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; "><br></span></div><div><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; ">Hetz</span></div>
<div><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; "><br></span></div><div><br></div><blockquote class="gmail_quote" style="margin:0 .8ex;border-left:1px #ccc solid;border-right:1px #ccc solid;padding-left:1ex;padding-right:1ex">
<div><br></div><div>-Mike</div>
</blockquote></div></div><br clear="all"><br>-- <br><div dir="rtl"><div style="color:rgb(0, 0, 0);font-family:Verdana, Arial, Helvetica, sans-serif;margin-top:8px;margin-right:8px;margin-bottom:8px;margin-left:8px;background-color:rgb(255, 255, 255)">
<p dir="rtl" style="font-size:10px"><strong><span style="font-size:small"><span style="color:rgb(0, 0, 128)"><span style="color:rgb(0, 0, 0);font-weight:normal">Hetz Ben Hamo</span><br>H</span><span style="color:rgb(0, 0, 255)">etz</span>-<span style="color:rgb(0, 0, 128)">B</span><span style="color:rgb(0, 0, 255)">i</span><span style="color:rgb(51, 102, 255)">z</span> (<span style="color:rgb(128, 0, 0)">Hosting</span>)<br>
</span></strong><span style="font-size:small">Rental and hosting of physical servers<br></span><span style="font-size:small">Rental of large, professional virtual servers at <b>small</b> prices<br>Visit our site at <a href="http://www.hetz.biz/" style="background-color:rgb(219, 216, 222)" target="_blank">hetz.biz</a> and our blog: <a href="http://blog.hetz.biz/" style="background-color:rgb(219, 216, 222)" target="_blank">blog.hetz.biz</a> <br>
</span><span style="font-size:small">Phone: 0783333113/4/5, Email: <a href="mailto:sales@hetz.biz" target="_blank">sales@hetz.biz</a> <br></span><span style="font-size:small">Messenger: <a href="mailto:sales@hetz.biz" target="_blank">sales@hetz.biz</a> - Skype: heunique</span></p>
</div></div><br>
</div>