<div dir="ltr">I feel gimped for not bringing up Vyatta before, but I think it is more of a router than a firewall, but I suppose really what matters is the functionality not the pigeonhole label on the side. Vyatta can be quite solid as well, though if you recall some issues not so long ago with glovine/SAU Vyatta solution, so as David says you really have to be careful about CPU usage through bandwidth or complicated features. Something to keep in mind.</div>
<div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Aug 9, 2013 at 1:57 PM, Paul Gear <span dir="ltr"><<a href="mailto:ausnog@libertysys.com.au" target="_blank">ausnog@libertysys.com.au</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF">
    <div>I'm currently working on a project to
      rebuild our infrastructure with 90% VM-based firewalls.  Our
      performance requirements are not that demanding (no 10 Gbps) so
      we're not concerned about that side of things.<br>
      <br>
      We reviewed pfSense and a few Linux-based firewall appliances, but
      ended up going with Vyatta, mainly because it's free as in beer
      ($0), free as in speech (GPL), and we think the Junos-like
      configuration system has more legs for automation than the
      appliance-style approach that pfSense and the like use.  (We want
      to be able to push changes to multiple firewalls in parallel in an
      automated fashion.)  And being an old Linux guy, Debian is a lot
      more comfortable as a base than FreeBSD for me.<br>
      <br>
      We ran into some show-stopping bugs with pfSense's driver for
      Intel E1000 NICs (both virtual and physical).  Vyatta has been
      rock-solid for us so far in the places we've deployed it.<span class="HOEnZb"><font color="#888888"><br>
      <br>
      Paul</font></span><div><div class="h5"><br>
      <br>
      On 08/09/2013 10:27 AM, Alex Samad - Yieldbroker wrote:<br>
    </div></div></div>
    <blockquote type="cite"><div><div class="h5">
      
      
      <div>
        <p class="MsoNormal"><span>Hi</span></p>
        <p class="MsoNormal"><span> </span></p>
        <p class="MsoNormal"><span>So what is the current industry
            thought on using VM firewalls? And to take that further, what
            is the thought of using a plain OS for a firewall, thinking
            Linux or BSD?</span></p>
        <p class="MsoNormal"><span> </span></p>
        <p class="MsoNormal"><span>Alex</span></p>
        <p class="MsoNormal"><span> </span></p>
        <p class="MsoNormal"><span> </span></p>
        <div>
          <div>
            <div>
              <p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> AusNOG
                  [<a href="mailto:ausnog-bounces@lists.ausnog.net" target="_blank">mailto:ausnog-bounces@lists.ausnog.net</a>]
                  <b>On Behalf Of </b>James Braunegg<br>
                  <b>Sent:</b> Thursday, 8 August 2013 9:49 PM<br>
                  <b>To:</b> Michael Andreas Schipp; Ed Hallett<br>
                  <b>Cc:</b> <a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a><br>
                  <b>Subject:</b> Re: [AusNOG] Application Firewall
                  Recommendations</span></p>
            </div>
          </div>
          <p class="MsoNormal"> </p>
          <p class="MsoNormal"><span lang="EN-US">Dear Ed</span></p>
          <p class="MsoNormal"><span lang="EN-US"> </span></p>
          <p class="MsoNormal"><span lang="EN-US">A10 Networks have the
              SoftAX Virtual machine which you can run as a VM – Further
              WAF information on the A10 Solution can be found here –
            </span></p>
          <p class="MsoNormal"><span lang="EN-US"> </span></p>
          <p class="MsoNormal"><span lang="EN-US"><a href="http://www.a10networks.com/resources/files/A10-SB-Web_Application_Firewall_WAF.pdf" target="_blank">http://www.a10networks.com/resources/files/A10-SB-Web_Application_Firewall_WAF.pdf</a>
            </span></p>
          <p class="MsoNormal"><span lang="EN-US"> </span></p>
          <p class="MsoNormal"><span lang="EN-US">Also the new A10 Cloud
              offering coming soon, will provide WAF as SaaS</span></p>
          <p class="MsoNormal"><span lang="EN-US"> </span></p>
          <p class="MsoNormal"><span lang="EN-US">Both options I highly
              recommend</span></p>
          <p class="MsoNormal"><span lang="EN-US"> </span></p>
          <p class="MsoNormal"><span lang="EN-US">Kindest Regards</span></p>
          <p class="MsoNormal"><span lang="EN-US"> </span></p>
          <div>
            <p class="MsoNormal"><b><span lang="EN-US">James Braunegg<br>
                </span></b><b><span lang="EN-US">P:</span></b><span lang="EN-US">  1300 769 972  | 
                <b>M:</b>  0488 997 207 |  <b>D:</b>  (03) 9751 7616</span></p>
            <p class="MsoNormal"><b><span lang="EN-US">E:</span></b><span lang="EN-US">  
              </span><span lang="EN-US"><a href="mailto:james.braunegg@micron21.com" target="_blank"><span>james.braunegg@micron21.com</span></a></span><span lang="EN-US">  |  <b>ABN:</b>  <a href="tel:12%20109%20977%20666" value="+12109977666" target="_blank">12 109 977 666</a>   <br>

                <b>W:</b>  <a href="http://www.micron21.com/tv-hosting" target="_blank"><span>www.micron21.com/tv-hosting</span></a>
                 <b>T:</b> @micron21</span></p>
            <p class="MsoNormal"><span lang="EN-US"> </span></p>
          </div>
          <p class="MsoNormal"><span lang="EN-US"> </span></p>
          <div>
            <div>
              <p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> AusNOG [<a href="mailto:ausnog-bounces@lists.ausnog.net" target="_blank">mailto:ausnog-bounces@lists.ausnog.net</a>]
                  <b>On Behalf Of </b>Michael Andreas Schipp<br>
                  <b>Sent:</b> Thursday, August 08, 2013 9:50 AM<br>
                  <b>To:</b> Ed Hallett<br>
                  <b>Cc:</b> <a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a><br>
                  <b>Subject:</b> Re: [AusNOG] Application Firewall
                  Recommendations</span></p>
            </div>
          </div>
          <p class="MsoNormal"><span lang="EN-US"> </span></p>
          <p class="MsoNormal"><span lang="EN-GB">Hi Ed,</span></p>
          <p class="MsoNormal"><span lang="EN-GB">              If, as
              others have said, you decide to look at WAF and reverse
              proxies, I would suggest you look at the following
              vendors:</span></p>
          <p class="MsoNormal"><span lang="EN-GB"> </span></p>
          <p class="MsoNormal"><span lang="EN-GB">              A10
              Networks</span></p>
          <p class="MsoNormal"><span lang="EN-GB">              Citrix</span></p>
          <p class="MsoNormal"><span lang="EN-GB">              F5</span></p>
          <p class="MsoNormal"><span lang="EN-GB">Imperva</span></p>
          <p class="MsoNormal"><span lang="EN-GB">Radware</span></p>
          <p class="MsoNormal"><span lang="EN-GB"> </span></p>
          <p class="MsoNormal"><span lang="EN-GB">Narrow it down to 2 or
              3 and do a PoC (most if not all of us will be able to
              offer hardware appliances or VMs)</span></p>
          <p class="MsoNormal"><span lang="EN-GB"> </span></p>
          <p class="MsoNormal"><span lang="EN-GB">I can help in getting
              anything you may need from the A10 (<a href="http://www.a10networks.com" target="_blank">www.a10networks.com</a>)
              side, just let me know.</span></p>
          <p class="MsoNormal"><span lang="EN-GB"> </span></p>
          <p class="MsoNormal"><span lang="EN-US">Thank you,<br>
              <b> <br>
              </b>Michael A Schipp<b><br>
              </b></span><span>Regional SE Manager ANZ</span></p>
          <p class="MsoNormal"><b><span lang="EN-US">A10 Networks</span></b><span></span></p>
          <p class="MsoNormal"><a name="1406139905b40eec__MailEndCompose"></a><span lang="EN-GB"> </span></p>
          <div>
            <div>
              <p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> AusNOG [<a href="mailto:ausnog-bounces@lists.ausnog.net" target="_blank">mailto:ausnog-bounces@lists.ausnog.net</a>]
                  <b>On Behalf Of </b>Ed Hallett<br>
                  <b>Sent:</b> Tuesday, 6 August 2013 10:12 AM<br>
                  <b>To:</b> <a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a><br>
                  <b>Subject:</b> [AusNOG] Application Firewall
                  Recommendations</span></p>
            </div>
          </div>
          <p class="MsoNormal"><span lang="EN-GB"> </span></p>
          <div>
            <div>
              <p class="MsoNormal"><span lang="EN-GB">Hi people,</span></p>
            </div>
            <div>
              <p class="MsoNormal"><span lang="EN-GB"> </span></p>
            </div>
            <div>
              <p class="MsoNormal"><span lang="EN-GB">Just a simple
                  question, but with a not so simple answer.</span></p>
            </div>
            <div>
              <p class="MsoNormal"><span lang="EN-GB"> </span></p>
            </div>
            <div>
              <p class="MsoNormal"><span lang="EN-GB">We manage
                  considerable clients with ‘cloud’ based servers within
                  Telstra’s utility hosting.</span></p>
            </div>
            <div>
              <p class="MsoNormal"><span lang="EN-GB">We used to use TMG
                  as a firewall / gateway / security for clients who
                  requested these features,  but this is no longer
                  possible.</span></p>
            </div>
            <div>
              <p class="MsoNormal"><span lang="EN-GB"> </span></p>
            </div>
            <div>
              <p class="MsoNormal"><span lang="EN-GB">I need
                  recommendations on application based (non VM)
                  firewalls which can be installed on server 08 / 12 and
                  capable of the same feature set as TMG. Not as easy to
                  find now..</span></p>
            </div>
            <div>
              <p class="MsoNormal"><span lang="EN-GB"> </span></p>
            </div>
            <div>
              <p class="MsoNormal"><span lang="EN-GB">So, I ask my
                  esteemed peers for words of wisdom.</span></p>
            </div>
            <div>
              <p class="MsoNormal"><span lang="EN-GB">Well, words,
                  anyway.</span></p>
            </div>
            <div>
              <p class="MsoNormal"><span lang="EN-GB"> </span></p>
            </div>
            <div>
              <p class="MsoNormal"><span lang="EN-GB">Kind regards,</span></p>
            </div>
            <div>
              <p class="MsoNormal"><span lang="EN-GB">Ed Hallett</span></p>
            </div>
          </div>
        </div>
      </div>
      <br>
      <fieldset></fieldset>
      <br>
      </div></div><div class="im"><pre>_______________________________________________
AusNOG mailing list
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
    </div></blockquote>
    <br>
  </div>

<br></blockquote></div><br></div>