nanog mailing list archives

RE: Firewall Appliance Suggestions


From: Leigh Porter <leigh.porter () ukbroadband com>
Date: Thu, 30 Jun 2011 17:01:13 +0000


I use JuNOS Juniper for just this and it works well. However, I have not used the GUI for configuring it, but the command line is very usable.

However, if you have a NOC Monkey, I would be tempted to create your own front end for configuring stuff and have an XML interface to the real boxes.

--
Leigh


________________________________________
From: Blake T. Pfankuch [blake () pfankuch me]
Sent: 30 June 2011 17:45
To: -Hammer-; Claudio Salmin; nanog () nanog org; William Cooper
Subject: RE: Firewall Appliance Suggestions

For those of you who responded quickly and usefully, do you have any experience with the CheckPoint/Juniper/Fortinet in an environment with multiple protected subnets running on VMware?  Simple enough for a NOC monkey to make changes to without breaking assuming he has half a brain and a process in front of him to follow?

-----Original Message-----
From: -Hammer- [mailto:bhmccie () gmail com]
Sent: Thursday, June 30, 2011 9:57 AM
To: nanog () nanog org
Subject: Re: Firewall Appliance Suggestions

CheckPoint

-Hammer-

"I was a normal American nerd"
-Jack Herer



On 06/30/2011 10:50 AM, Blake T. Pfankuch wrote:
Howdy,
I am looking for something a little unique in a bit of a tough situation with some sticky requirements.  First off, my requirements are a little weird and I can't bend them a whole lot due to stipulations being put on me.  I am in need of a firewall appliance which can be run on VMware vSphere, with IPSEC support for multiple Phase 2 negotiations within a single Phase 1.  I am also in need of something that can support VLAN interfaces on the LAN side, and ideally something with multi zoning so I can keep LAN side networks separate from each other without ridiculous firewall rules.  Meaning build a zone for "Customer network 1" and it displays separately (ease of management and firewall config hopefully).  I need a minimum of 10 "zones" on LAN side (/29 or /30), and NAT support for LAN to WAN (to dedicate all outbound connections to a single IP from a specific zone), ideally something extremely scalable (100-200 zones).  And here is the super fun part!  I need something that is going to be web managed primarily as minions will be doing most of the day to day maintenance, or very simple CLI config.  Willing to pay for something if need be, but looking for something that can easily handle 50-100mbit of throughput.

Any Ideas?

Thanks!

Blake Pfankuch
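Added example (editor's code, not from any poster or vendor): the kind of validating front end Leigh suggests, rendering one of Blake's per-customer zones (VLAN sub-interface, /29 or /30 LAN, outbound NAT to one dedicated address) as a Junos-style XML fragment. The element names are an assumption about the Junos configuration schema and the trunk name `ge-0/0/1` is a placeholder; the part that matters is that the front end rejects bad input before anything reaches the box.

```python
import ipaddress
import re
from xml.etree import ElementTree as ET

ZONE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,32}$")  # keep operator-typed names tight


def render_customer_zone(zone, vlan_id, lan_cidr, nat_ip, trunk="ge-0/0/1"):
    """Return a Junos-style <configuration> fragment for one customer zone (schema assumed)."""
    if not ZONE_NAME.match(zone):
        raise ValueError("zone name must be 1-32 chars of [A-Za-z0-9_-]")
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN id out of range")
    net = ipaddress.ip_network(lan_cidr, strict=True)  # rejects host bits set
    if net.prefixlen not in (29, 30):  # the per-zone sizes stated in the thread
        raise ValueError("customer zones are /29 or /30 only")
    nat_ip = str(ipaddress.ip_address(nat_ip))  # must parse, or NAT silently breaks
    unit = f"{trunk}.{vlan_id}"
    gateway = f"{next(net.hosts())}/{net.prefixlen}"  # firewall takes the first host
    cfg = ET.Element("configuration")
    iface = ET.SubElement(ET.SubElement(cfg, "interfaces"), "interface")
    ET.SubElement(iface, "name").text = trunk
    ET.SubElement(iface, "vlan-tagging")
    u = ET.SubElement(iface, "unit")
    ET.SubElement(u, "name").text = str(vlan_id)
    ET.SubElement(u, "vlan-id").text = str(vlan_id)
    inet = ET.SubElement(ET.SubElement(u, "family"), "inet")
    ET.SubElement(ET.SubElement(inet, "address"), "name").text = gateway
    sec = ET.SubElement(cfg, "security")
    zone_el = ET.SubElement(ET.SubElement(sec, "zones"), "security-zone")
    ET.SubElement(zone_el, "name").text = zone
    ET.SubElement(ET.SubElement(zone_el, "interfaces"), "name").text = unit
    # Hide the whole zone behind one dedicated address on the way out.
    src = ET.SubElement(ET.SubElement(sec, "nat"), "source")
    pool = ET.SubElement(src, "pool")
    ET.SubElement(pool, "name").text = f"nat-{zone}"
    ET.SubElement(ET.SubElement(pool, "address"), "name").text = f"{nat_ip}/32"
    rs = ET.SubElement(src, "rule-set")
    ET.SubElement(rs, "name").text = f"snat-{zone}"
    ET.SubElement(ET.SubElement(rs, "from"), "zone").text = zone
    ET.SubElement(ET.SubElement(rs, "to"), "zone").text = "untrust"
    rule = ET.SubElement(rs, "rule")
    ET.SubElement(rule, "name").text = "all"
    ET.SubElement(ET.SubElement(rule, "src-nat-rule-match"), "source-address").text = str(net)
    then = ET.SubElement(ET.SubElement(ET.SubElement(rule, "then"), "source-nat"), "pool")
    ET.SubElement(then, "pool-name").text = f"nat-{zone}"
    return ET.tostring(cfg, encoding="unicode")
```

Each call yields one self-contained zone, so a 100-200 zone deployment is a loop over a table of customers rather than hand-edited rules.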



______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
