<div dir="ltr">I feel gimped for not bringing up Vyatta before, but I think it is more of a router than a firewall, but I suppose really what matters is the functionality, not the pigeonhole label on the side. Vyatta can be quite solid as well, though if you recall some issues not so long ago with glovine/SAU Vyatta solution, so as David says you really have to be careful about CPU usage through bandwidth or complicated features. Something to keep in mind.</div>
<div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Aug 9, 2013 at 1:57 PM, Paul Gear <span dir="ltr">&lt;<a href="mailto:ausnog@libertysys.com.au" target="_blank">ausnog@libertysys.com.au</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>I'm currently working on a project to
rebuild our infrastructure with 90% VM-based firewalls. Our
performance requirements are not that demanding (no 10 Gbps) so
we're not concerned about that side of things.<br>
<br>
We reviewed pfSense and a few Linux-based firewall appliances, but
ended up going with Vyatta, mainly because it's free as in beer
($0), free as in speech (GPL), and we think the Junos-like
configuration system has more legs for automation than the
appliance-style approach that pfSense and the like use. (We want
to be able to push changes to multiple firewalls in parallel in an
automated fashion.) And being an old Linux guy, Debian is a lot
more comfortable as a base than FreeBSD for me.<br>
<br>
We ran into some show-stopping bugs with pfSense's driver for
Intel E1000 NICs (both virtual and physical). Vyatta has been
rock-solid for us so far in the places we've deployed it.<span class="HOEnZb"><font color="#888888"><br>
<br>
Paul</font></span><div><div class="h5"><br>
<br>
On 08/09/2013 10:27 AM, Alex Samad - Yieldbroker wrote:<br>
</div></div></div>
<blockquote type="cite"><div><div class="h5">
<div>
<p class="MsoNormal"><span>Hi</span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span>So what is the current industry
thought on using VM firewalls? And to take that further, what
is the thought of using a plain OS for a firewall, thinking
Linux or BSD?</span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span>Alex</span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span> </span></p>
<div>
<div>
<div>
<p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> AusNOG
[<a href="mailto:ausnog-bounces@lists.ausnog.net" target="_blank">mailto:ausnog-bounces@lists.ausnog.net</a>]
<b>On Behalf Of </b>James Braunegg<br>
<b>Sent:</b> Thursday, 8 August 2013 9:49 PM<br>
<b>To:</b> Michael Andreas Schipp; Ed Hallett<br>
<b>Cc:</b> <a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a><br>
<b>Subject:</b> Re: [AusNOG] Application Firewall
Recommendations</span></p>
</div>
</div>
<p class="MsoNormal"> </p>
<p class="MsoNormal"><span lang="EN-US">Dear Ed</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">A10 Networks have the
SoftAX Virtual machine which you can run as a VM – Further
WAF information on the A10 Solution can be found here –
</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US"><a href="http://www.a10networks.com/resources/files/A10-SB-Web_Application_Firewall_WAF.pdf" target="_blank">http://www.a10networks.com/resources/files/A10-SB-Web_Application_Firewall_WAF.pdf</a>
</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">Also the new A10 Cloud
offering coming soon, will provide WAF as SaaS</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">Both options I highly
recommend</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">Kindest Regards</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<div>
<p class="MsoNormal"><b><span lang="EN-US">James Braunegg<br>
</span></b><b><span lang="EN-US">P:</span></b><span lang="EN-US"> 1300 769 972 |
<b>M:</b> 0488 997 207 | <b>D:</b> (03) 9751 7616</span></p>
<p class="MsoNormal"><b><span lang="EN-US">E:</span></b><span lang="EN-US">
</span><span lang="EN-US"><a href="mailto:james.braunegg@micron21.com" target="_blank"><span>james.braunegg@micron21.com</span></a></span><span lang="EN-US"> | <b>ABN:</b> <a href="tel:12%20109%20977%20666" value="+12109977666" target="_blank">12 109 977 666</a> <br>
<b>W:</b> <a href="http://www.micron21.com/tv-hosting" target="_blank"><span>www.micron21.com/tv-hosting</span></a>
<b>T:</b> @micron21</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
</div>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<div>
<div>
<p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> AusNOG [<a href="mailto:ausnog-bounces@lists.ausnog.net" target="_blank">mailto:ausnog-bounces@lists.ausnog.net</a>]
<b>On Behalf Of </b>Michael Andreas Schipp<br>
<b>Sent:</b> Thursday, August 08, 2013 9:50 AM<br>
<b>To:</b> Ed Hallett<br>
<b>Cc:</b> <a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a><br>
<b>Subject:</b> Re: [AusNOG] Application Firewall
Recommendations</span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-GB">Hi Ed,</span></p>
<p class="MsoNormal"><span lang="EN-GB"> If, as
others have said, you decide to look at WAF and reverse
proxies, I would suggest you look at the following
vendors:</span></p>
<p class="MsoNormal"><span lang="EN-GB"> </span></p>
<p class="MsoNormal"><span lang="EN-GB"> A10
Networks</span></p>
<p class="MsoNormal"><span lang="EN-GB"> Citrix</span></p>
<p class="MsoNormal"><span lang="EN-GB"> F5</span></p>
<p class="MsoNormal"><span lang="EN-GB">Imperva</span></p>
<p class="MsoNormal"><span lang="EN-GB">Radware</span></p>
<p class="MsoNormal"><span lang="EN-GB"> </span></p>
<p class="MsoNormal"><span lang="EN-GB">Narrow it down to 2 or
3 and do a PoC (most if not all of us will be able to
offer hardware appliances or VMs)</span></p>
<p class="MsoNormal"><span lang="EN-GB"> </span></p>
<p class="MsoNormal"><span lang="EN-GB">I can help in getting
anything you may need from the A10 (<a href="http://www.a10networks.com" target="_blank">www.a10networks.com</a>)
side, just let me know.</span></p>
<p class="MsoNormal"><span lang="EN-GB"> </span></p>
<p class="MsoNormal"><span lang="EN-US">Thank you,<br>
<b> <br>
</b>Michael A Schipp<b><br>
</b></span><span>Regional SE Manager ANZ</span></p>
<p class="MsoNormal"><b><span lang="EN-US">A10 Networks</span></b><span></span></p>
<p class="MsoNormal"><a name="1406139905b40eec__MailEndCompose"></a><span lang="EN-GB"> </span></p>
<div>
<div>
<p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> AusNOG [<a href="mailto:ausnog-bounces@lists.ausnog.net" target="_blank">mailto:ausnog-bounces@lists.ausnog.net</a>]
<b>On Behalf Of </b>Ed Hallett<br>
<b>Sent:</b> Tuesday, 6 August 2013 10:12 AM<br>
<b>To:</b> <a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a><br>
<b>Subject:</b> [AusNOG] Application Firewall
Recommendations</span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-GB"> </span></p>
<div>
<div>
<p class="MsoNormal"><span lang="EN-GB">Hi people,</span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-GB"> </span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-GB">Just a simple
question, but with a not so simple answer.</span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-GB"> </span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-GB">We manage
considerable clients with ‘cloud’ based servers within
Telstra’s utility hosting.</span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-GB">We used to use TMG
as a firewall / gateway / security for clients who
requested these features, but this is no longer
possible.</span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-GB"> </span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-GB">I need
recommendations on application based (non VM)
firewalls which can be installed on server 08 / 12 and
capable of the same feature set as TMG. Not as easy to
find now..</span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-GB"> </span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-GB">So, I ask my
esteemed peers for words of wisdom.</span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-GB">Well, words,
anyway.</span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-GB"> </span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-GB">Kind regards,</span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-GB">Ed Hallett</span></p>
</div>
</div>
</div>
</div>
<br>
<br>
</div></div><div class="im"><pre>_______________________________________________
AusNOG mailing list
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
</div></blockquote>
<br>
</div>
<br></blockquote></div><br></div>