Linux firewall vs appliance
Hetz Ben Hamo
hetzbh at gmail.com
Tue Jan 25 00:46:27 IST 2011
Hi Michael,
> 1. If you ever plan on hitting 2 Gbit on a Cisco, you'll need some
> heavy-duty firewalls (
> http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html )
> running you > $20,000
>
4 Gbit, not 2 :)
> 2. On the other hand, I don't know how much you're paying for 2 2Gbit
> links, so "heavy-duty" firewalls might be just a drop in the bucket...
>
$20k a drop in a bucket? How much do you really think 2X2Gbit costs?
Not that much ;)
> 3. I would recommend an appropriately scaled firewall appliance
>
There used to be a time where you could buy a firewall, do some updates
periodically and be done with it. Today it's more about contracts. You buy
the boxes, you pay a contractor to do the job for you (if you don't know how
to do this), and then there's this yearly update service which costs you an
arm and a leg and if something goes wrong with the vendor, you're left with
an expensive brick. See my post here <http://benhamo.org/wp/?p=2256> for
example.
> 4. If you plan to go with Linux, make sure IPtables can actually handle
> that much bandwidth.
>
I will check that. I'll also check pfsense.
> Also -
> Many firewall appliances come with Active/Active and Active/Passive
> configurations. If you roll-your-own linux firewall, you'll need to mess
> with HSRP, VRRP, syncing configurations, syncing open connections,
> monitoring your connections, and a myriad of other things which a company
> who specializes in this sort of thing has already solved.
True, but when the Cisco/other boxed solution costs $20K, it might be a
better idea to look for alternatives, maybe a distribution which has this or
a solution that is based on Linux and has this solution covered. 2 HP G6
servers with dual Xeon cost about $6k and can handle this traffic easily,
and if I add contractor+solution costs, I could get to about $10k, which is
50% of the Cisco offer.
Hetz
> -Mike
>
--
Hetz Ben Hamo
Hetz-Biz (Hosting)
Rental and hosting of physical servers
Rental of professional, large virtual servers at *small* prices
Visit our website at hetz.biz <http://www.hetz.biz/> and our blog:
blog.hetz.biz
Phone: 0783333113/4/5, Email: sales at hetz.biz
Messenger: sales at hetz.biz - Skype: heunique