[AusNOG] Firewall thoughts

Chris Gibbs chris.t.gibbs at gmail.com
Tue Mar 10 09:15:34 EST 2015


Hey all,

I'm currently working on a project for a client to implement a number of
firewalls.

The main features I'm looking for are

Virtual
1Gbps throughput
connections/sec will be quite low.
OSPF
VRRP / HA features
Application inspection
AV/malware inspection
Centrally managed

I have had the Checkpoint virtual appliances in a cluster with the
associated central manager testing for quite a while. It fits the bill and
works the way I want; it is now time to roll out to other sites.

However, licensing and bang-for-buck seem a bit extreme and I just want to
do a final check before going down the Checkpoint path.

Eventually it will be deployed to 9 sites with the same configuration/zones
at each site. No URL filtering or VPN features are required.

I have been looking at the Fortinet virtual series or Cisco ASA (with
Firepower) and would appreciate people's thoughts.

The ASA series I have quite a bit of experience with but they are not
virtual and the "Firepower" components are very new to market. I also
haven't had a chance to play with their central manager tool FireSight.

Fortinet I have zero experience with but they rated highly in the 2014
Gartner report (If that is worth anything anymore??) and tick all the
requirements. Any recommendations for supplies would be appreciated.

I have also been looking at the Palo Alto Firewalls, which I have
experience in but they are on the top end for price and based on my
experiences with their 2050 series (slow management, random rebooting),
would be a little worried moving onto their virtual platform.

Cheers

Chris