[AusNOG] Application Firewall Recommendations

David Hills list at chippo.net.nz
Fri Aug 9 13:54:28 EST 2013 

For FOSS, it's hard to beat PFSense.

To weigh in from a commercial perspective, Fortinet's FortiGate VMs run on
VMWare & Xen, and they recently added KVM and Hyper-V support as well.

They do everything the hardware can do but come with the warning: You're
relying on the CPU in your virtual platform, when everything's going
perfectly then everything works perfectly. If you come under any type of
DoS you don't have shiny ASICs to eat that extra load for you.

my 2c.

David


On 9 August 2013 12:27, Alex Samad - Yieldbroker <Alex.Samad at yieldbroker.com
> wrote:

>  Hi****
>
> ** **
>
> So what is the current industry thought on using VM firewalls. And to take
> that further what is the thought of using a plan OS for a firewall,
> thinking Linux or BSD.****
>
> ** **
>
> Alex****
>
> ** **
>
> ** **
>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of *James
> Braunegg
> *Sent:* Thursday, 8 August 2013 9:49 PM
> *To:* Michael Andreas Schipp; Ed Hallett
> *Cc:* ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] Application Firewall Recommendations****
>
> ** **
>
> Dear Ed****
>
> ** **
>
> A10 Networks have the SoftAX Virtual machine which you can run as a VM –
> Further WAF information on the A10 Solution can be found here – ****
>
> ** **
>
>
> http://www.a10networks.com/resources/files/A10-SB-Web_Application_Firewall_WAF.pdf
> ****
>
> ** **
>
> Also the new A10 Cloud offering coming soon, will provide WAF as SaaS****
>
> ** **
>
> Both options I highly recommend****
>
> ** **
>
> Kindest Regards****
>
> ** **
>
> *James Braunegg
> **P:*  1300 769 972  |  *M:*  0488 997 207 |  *D:*  (03) 9751 7616****
>
> *E:*   james.braunegg at micron21.com  |  *ABN:*  12 109 977 666
> *W:*  www.micron21.com/tv-hosting  *T:* @micron21****
>
> ** **
>
>
> [image: Description: Description: Description: Description: M21.jpg]
> This message is intended for the addressee named above. It may contain
> privileged or confidential information. If you are not the intended
> recipient of this message you must not use, copy, distribute or disclose it
> to anyone other than the addressee. If you have received this message in
> error please return the message to the sender by replying to it and then
> delete the message from your computer.****
>
> ** **
>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net<ausnog-bounces at lists.ausnog.net>]
> *On Behalf Of *Michael Andreas Schipp
> *Sent:* Thursday, August 08, 2013 9:50 AM
> *To:* Ed Hallett
> *Cc:* ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] Application Firewall Recommendations****
>
> ** **
>
> Hi Ed,****
>
>               If as others have say, you decide to look at WAF and reverse
> proxies, I would suggest you to look at the following vendors;****
>
> ** **
>
>               A10 Networks****
>
>               Citrix****
>
>               F5****
>
> Imperva****
>
> Radware****
>
> ** **
>
> Narrow it down to 2 or 3 and do a PoC (most If not all of us will be able
> to offer hardware appliances or VM’s)****
>
> ** **
>
> I can help in getting anything you may need from the A10 (
> www.a10networks.com) side, just let me know.****
>
> ** **
>
> Thank you,
> *
> *Michael A Schipp*
> *Regional SE Manager ANZ****
>
> *A10 Networks*****
>
> ** **
>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net<ausnog-bounces at lists.ausnog.net>]
> *On Behalf Of *Ed Hallett
> *Sent:* Tuesday, 6 August 2013 10:12 AM
> *To:* ausnog at lists.ausnog.net
> *Subject:* [AusNOG] Application Firewall Recommendations****
>
> ** **
>
> Hi people,****
>
>  ****
>
> Just a simple question, but with a not so simple answer.****
>
>  ****
>
> We manage considerable clients with ‘cloud’ based servers within Telstra’s
> utility hosting.****
>
> We used to use TMG as a firewall / gateway / security for clients who
> requested these features,  but this is no longer possible.****
>
>  ****
>
> I need recommendations on application based (non VM) firewalls which can
> be installed on server 08 / 12 and capable of the same feature set as TMG.
> Not as easy to find now..****
>
>  ****
>
> So, I ask my esteemed peers for words of wisdom.****
>
> Well, words, anyway.****
>
>  ****
>
> Kind regards,****
>
> Ed Hallett****
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130809/cc972198/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 2683 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130809/cc972198/attachment.jpg>

More information about the AusNOG mailing list