Michael L Torrie
torriem at chem.byu.edu
Fri Jun 15 10:29:26 MDT 2007
On Fri, 2007-06-15 at 09:39 -0600, Steven Alligood wrote:
> "unlimited funds" and "1-4GB of traffic" being the key words here, I
> would strongly suggest a commercial product.
> You can do very well on the lower end traffic scale (a couple hundred
> MB/sec) with open source and PC hardware, but once you start throwing
> around some serious traffic, you will find that the commercial products
> just handle it better, often with very nice reporting tools.
> I am not saying that you cannot do it with non-commercial stuff, but you
> will have a lot more headaches dealing with that amount of traffic.
Yeah, I used to believe that too. Until I opened up our so-called
professional product. This was a medium-end Cisco PIX. Turned out it
had a Celeron processor in it and 3 ordinary, 100 Mb/s on-board NICs.
And it's no different (except for a more powerful processor and gigabit
NICs) on the higher-end PIXes.
A PCI bus is a PCI bus. Very few firewalls are anything but ordinary PC
hardware. Slap a couple of gigabit, 64-bit cards (or PCI Express) in a
beefy machine and you'll more than match the commercial solution. No
While it is true a router with ASIC hardware to do fabric switching is a
far cry from sticking a bunch of NICs in a box, installing Linux, and
calling it a router, I have not found the same idea to be true in the
realm of over-priced, so-called hardware firewalls. I built a Linux
firewall out of a Dell 1U server that handily matched if not beat a
$10,000 solution in terms of throughput.
> Daniel wrote:
> > It sounds like pfSense is the way to go for the schools, given the
> > responses. Thank you.
> > Now let's say you had to secure about 1-4GBs of traffic and you had
> > unlimited funds would you still go with pfSense or would you go with a
> > commercial solution like Juniper, or Cisco? Does anyone have
> > experience with a Juniper or any other commercial solution and
> > pfSense?
> > -Daniel
> > On 6/15/07, Lars Rasmussen <lars.rasmussen at gmail.com> wrote:
> >> Look no further than pfSense for your firewall.
> >> I've been using pfSense since the alpha releases - I previously used
> >> m0n0wall. Before m0n0wall I was using a floppy disk to boot a Linux
> >> based firewall. I've used pfSense at work and at home.
> >> pfSense will let you enforce QoS (even has a wizard for prioritization
> >> of VoIP & common applications/traffic types). pfSense allows for
> >> failover & multiple WAN connections, and has multiple VPN types as
> >> part of the standard feature set.
> >> You can add features (packages) if you so desire. One of my Windows
> >> buddies still marvels at how he doesn't even think about his pfSense
> >> box - it just sits in the closet and runs.
> >> I am currently using pfSense at home with Comcast & Vonage; it allows
> >> me to coexist with BitTorrent nicely, and the pfSense project seems to
> >> have more active development than any of the Linux-based firewall
> >> projects.
> >> It is straightforward to install pfSense yourself, but you could
> >> alternately buy an appliance that contains no moving parts & likely
> >> increase your uptimes to years. Here's what the console portion of
> >> the pfSense installation looks like:
> >> http://www.metacafe.com/watch/584867/install_pfsense_1_2beta1/
> >> Configuration after this point is handled via the web interface.
> >> --
> >> Lars
> >> /*
> >> PLUG: http://plug.org, #utah on irc.freenode.net
> >> Unsubscribe: http://plug.org/mailman/options/plug
> >> Don't fear the penguin.
> >> */