[geeks] Firewall recommendation?

Tue Dec 6 15:22:58 CST 2005

On Tue, 6 Dec 2005 15:02:34 -0500, Nate wrote:
> Do you guys have favorite firewalls?  What I need for $dayjob is:  
> reliable, secure, low maintenance, good performance, can failover to  
> a secondary WAN when the primary goes down.

Of course!

You may want to have a look at Nokia's security appliances ... the ones
based around Checkpoint's FW-1. I haven't been keeping a close eye on
what's around, but the low-level features of FW-1 stomp the PIX/FWSM and
OpenBSD's pf into the ground.

I used to run a FW-1 box on a Sun UE250 for 5,000 users on a 1Gbps link
... well underspecced. Surpisingly enough it kept up with the load
suprisingly well although the MRTG CPU graphs were the sickest you've
ever seen (100% utilisation 24/7 mostly in kernel).

Downsides: Licensing is rumoured to be a hassle and it can be expensive.