Educause Security Discussion mailing list archives

*Nix-Based NG Firewalls - Looking for info...


From: "Scherck, Daniel" <scherckd () EVERGREEN EDU>
Date: Thu, 3 Jul 2014 16:14:49 +0000

Hi Folks -

We're looking to replace our current firewall setups with something a little more powerful. Currently we run an
IPTables-based setup. This has performed well for us overall, being fast and simple. However, with the emerging threats
coming from both inside and outside, I'm looking at getting something a little more powerful in the lineup. We had
already budgeted and purchased replacement servers to simply take the same setup as the current ones on new hardware,
but due to some difficulties with implementation and compiling, I'm at the point of looking outside the current setup.
So the question is, does anyone out there have good/bad experience with *Nix firewall distros? I'd like to find
something that can easily handle around 3000 concurrent users, with a 1 gig WAN pipe, and have integrated IDS/IPS,
antivirus, and Layer 7 capability.

Just for eval purposes, I have set up ESXi on the new servers, and installed five firewall distros for testing:
Endian, IPCop, pfSense, Smoothwall Express, and Untangle (Free).

Any other recommendations? Any considerations I might have missed?

(I have looked for other discussions in the mail list, but didn't see anything that wasn't centered around the 
appliance firewalls like Palo Alto, Fortigate and Tipping Point. Since the hardware was already purchased, those are 
pretty much off the table until next refresh.)

Dan Scherck
Sr. Network Engineer
The Evergreen State College
2700 Evergreen Parkway NW, Olympia, WA 98505
+1-360-867-5383

