[AusNOG] Application Firewall Recommendations

Paul Gear ausnog at libertysys.com.au
Fri Aug 9 13:57:35 EST 2013


I'm currently working on a project to rebuild our infrastructure with 
90% VM-based firewalls.  Our performance requirements are not that 
demanding (no 10 Gbps) so we're not concerned about that side of things.

We reviewed pfSense and a few Linux-based firewall appliances, but ended 
up going with Vyatta, mainly because it's free as in beer ($0), free as 
in speech (GPL), and we think the Junos-like configuration system has more 
legs for automation than the appliance-style approach that pfSense and 
the like use.  (We want to be able to push changes to multiple firewalls 
in parallel in an automated fashion.)  And being an old Linux guy, 
Debian is a lot more comfortable as a base than FreeBSD for me.

We ran into some show-stopping bugs with pfSense's driver for Intel 
E1000 NICs (both virtual and physical).  Vyatta has been rock-solid for 
us so far in the places we've deployed it.

Paul

On 08/09/2013 10:27 AM, Alex Samad - Yieldbroker wrote:
>
> Hi
>
> So what is the current industry thought on using VM firewalls? And to 
> take that further, what is the thought on using a plain OS for a 
> firewall, thinking Linux or BSD?
>
> Alex
>
> *From:*AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of 
> *James Braunegg
> *Sent:* Thursday, 8 August 2013 9:49 PM
> *To:* Michael Andreas Schipp; Ed Hallett
> *Cc:* ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] Application Firewall Recommendations
>
> Dear Ed
>
> A10 Networks have the SoftAX Virtual machine which you can run as a VM 
> -- Further WAF information on the A10 Solution can be found here --
>
> http://www.a10networks.com/resources/files/A10-SB-Web_Application_Firewall_WAF.pdf 
>
>
> Also the new A10 Cloud offering coming soon, will provide WAF as SaaS
>
> Both options I highly recommend
>
> Kindest Regards
>
> *James Braunegg*
> *P:* 1300 769 972 | *M:* 0488 997 207 | *D:* (03) 9751 7616
>
> *E:* james.braunegg at micron21.com | *ABN:* 12 109 977 666
> *W:* www.micron21.com/tv-hosting <http://www.micron21.com/tv-hosting>
> *T:* @micron21
>
>
> *From:*AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of 
> *Michael Andreas Schipp
> *Sent:* Thursday, August 08, 2013 9:50 AM
> *To:* Ed Hallett
> *Cc:* ausnog at lists.ausnog.net <mailto:ausnog at lists.ausnog.net>
> *Subject:* Re: [AusNOG] Application Firewall Recommendations
>
> Hi Ed,
>
> If, as others have said, you decide to look at WAF and 
> reverse proxies, I would suggest you look at the following vendors:
>
> A10 Networks
>
> Citrix
>
> F5
>
> Imperva
>
> Radware
>
> Narrow it down to 2 or 3 and do a PoC (most if not all of us will be 
> able to offer hardware appliances or VMs)
>
> I can help in getting anything you may need from the A10 
> (www.a10networks.com <http://www.a10networks.com>) side, just let me know.
>
> Thank you,
>
> *Michael A Schipp*
> Regional SE Manager ANZ
>
> *A10 Networks*
>
> *From:*AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of 
> *Ed Hallett
> *Sent:* Tuesday, 6 August 2013 10:12 AM
> *To:* ausnog at lists.ausnog.net <mailto:ausnog at lists.ausnog.net>
> *Subject:* [AusNOG] Application Firewall Recommendations
>
> Hi people,
>
> Just a simple question, but with a not so simple answer.
>
> We manage considerable clients with 'cloud' based servers within 
> Telstra's utility hosting.
>
> We used to use TMG as a firewall / gateway / security for clients who 
> requested these features,  but this is no longer possible.
>
> I need recommendations on application based (non VM) firewalls which 
> can be installed on server 08 / 12 and capable of the same feature set 
> as TMG. Not as easy to find now..
>
> So, I ask my esteemed peers for words of wisdom.
>
> Well, words, anyway.
>
> Kind regards,
>
> Ed Hallett
>
