[AusNOG] Application Firewall Recommendations

Joshua D'Alton joshua at railgun.com.au
Fri Aug 9 14:09:46 EST 2013


I feel gimped for not bringing up Vyatta before, but I think it is more of
a router than a firewall, but I suppose really what matters is the
functionality, not the pigeonhole label on the side. Vyatta can be quite
solid as well, though, if you recall, there were some issues not so long ago
with the glovine/SAU Vyatta solution, so as David says you really have to be
careful about CPU usage through bandwidth or complicated features. Something
to keep in mind.


On Fri, Aug 9, 2013 at 1:57 PM, Paul Gear <ausnog at libertysys.com.au> wrote:

>  I'm currently working on a project to rebuild our infrastructure with
> 90% VM-based firewalls.  Our performance requirements are not that
> demanding (no 10 Gbps) so we're not concerned about that side of things.
>
> We reviewed pfSense and a few Linux-based firewall appliances, but ended
> up going with Vyatta, mainly because it's free as in beer ($0), free as in
> speech (GPL), and we think the Junos-like configuration system has more legs
> for automation than the appliance-style approach that pfSense and the like
> use.  (We want to be able to push changes to multiple firewalls in parallel
> in an automated fashion.)  And being an old Linux guy, Debian is a lot more
> comfortable as a base than FreeBSD for me.
>
> We ran into some show-stopping bugs with pfSense's driver for Intel E1000
> NICs (both virtual and physical).  Vyatta has been rock-solid for us so far
> in the places we've deployed it.
>
> Paul
>
>
> On 08/09/2013 10:27 AM, Alex Samad - Yieldbroker wrote:
>
>  Hi
>
>
>
> So what is the current industry thought on using VM firewalls? And to take
> that further, what is the thought of using a plain OS for a firewall,
> thinking Linux or BSD?
>
>
>
> Alex
>
>
>
>
>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net]
> *On Behalf Of *James Braunegg
> *Sent:* Thursday, 8 August 2013 9:49 PM
> *To:* Michael Andreas Schipp; Ed Hallett
> *Cc:* ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] Application Firewall Recommendations
>
>
>
> Dear Ed
>
>
>
> A10 Networks have the SoftAX Virtual machine which you can run as a VM –
> Further WAF information on the A10 Solution can be found here –
>
>
>
>
> http://www.a10networks.com/resources/files/A10-SB-Web_Application_Firewall_WAF.pdf
>
>
>
> Also the new A10 Cloud offering coming soon, will provide WAF as SaaS
>
>
>
> Both options I highly recommend
>
>
>
> Kindest Regards
>
>
>
> *James Braunegg*
> *P:*  1300 769 972  |  *M:*  0488 997 207 |  *D:*  (03) 9751 7616
>
> *E:*   james.braunegg at micron21.com  |  *ABN:*  12 109 977 666
> *W:*  www.micron21.com/tv-hosting  *T:* @micron21
>
>
>
>
>
>
>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net]
> *On Behalf Of *Michael Andreas Schipp
> *Sent:* Thursday, August 08, 2013 9:50 AM
> *To:* Ed Hallett
> *Cc:* ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] Application Firewall Recommendations
>
>
>
> Hi Ed,
>
> If, as others have said, you decide to look at WAF and reverse
> proxies, I would suggest you look at the following vendors:
>
>               A10 Networks
>               Citrix
>               F5
>               Imperva
>               Radware
>
>
>
> Narrow it down to 2 or 3 and do a PoC (most if not all of us will be able
> to offer hardware appliances or VMs)
>
>
>
> I can help in getting anything you may need from the A10 (
> www.a10networks.com) side, just let me know.
>
>
>
> Thank you,
> *Michael A Schipp*
> *Regional SE Manager ANZ*
> *A10 Networks*
>
>
>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net]
> *On Behalf Of *Ed Hallett
> *Sent:* Tuesday, 6 August 2013 10:12 AM
> *To:* ausnog at lists.ausnog.net
> *Subject:* [AusNOG] Application Firewall Recommendations
>
>
>
> Hi people,
>
>
>
> Just a simple question, but with a not so simple answer.
>
>
>
> We manage considerable clients with ‘cloud’ based servers within Telstra’s
> utility hosting.
>
> We used to use TMG as a firewall / gateway / security for clients who
> requested these features,  but this is no longer possible.
>
>
>
> I need recommendations on application based (non VM) firewalls which can
> be installed on server 08 / 12 and capable of the same feature set as TMG.
> Not as easy to find now..
>
>
>
> So, I ask my esteemed peers for words of wisdom.
>
> Well, words, anyway.
>
>
>
> Kind regards,
>
> Ed Hallett
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>