Linux firewall vs appliance
Michael Tewner
tewner at gmail.com
Mon Jan 24 22:19:23 IST 2011
2011/1/24 Hetz Ben Hamo <hetzbh at gmail.com>
> Hi,
>
> I was wondering about the following scenario:
>
> I have 2 lines coming from 2 carriers, each line is 2 Gbit internet
> connection. They go to a router, and then there should be a firewall..
>
> Here I have 2 choices:
>
> 1. Take a Cisco/Fortigate/Juniper/Whatever box, throw it in, configure it,
> and be done with it, while I need to pay some yearly license for updates.
> 2. Stick some serious Linux server that it will become the firewall.
>
> My question: based on what's available for Linux today (iptables, APF, BFD,
> you-name-it..) - could Linux be trusted as a very good firewall for data
> center (as an example)? (I know that Checkpoint is using Linux, but they
> wrote some additional closed source modules, and I haven't heard any
> alternatives of those modules in open source version)
>
> I have read articles with people swearing that a Linux box should suit it, while
> others highly recommended the appliances.
>
> What's your opinion?
> Hetz
>
1. If you ever plan on hitting 2 Gbit on a Cisco, you'll need some
heavy-duty firewalls (http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html)
running you > $20,000
2. On the other hand, I don't know how much you're paying for 2 2Gbit links,
so "heavy-duty" firewalls might be just a drop in the bucket...
3. I would recommend an appropriately scaled firewall appliance
4. If you plan to go with Linux, make sure IPtables can actually handle that
much bandwidth.
-Mike