[AusNOG] Application Firewall Recommendations
Luke Iggleden
luke+ausnog at sisgroup.com.au
Fri Aug 9 14:12:20 EST 2013
Vyatta is fine for the most part. Had some nice bugs which have been
gotchas for some deployments we've used.
I would definitely recommend Vyatta for BGP + Routing (packets).
pfSense for stateful though.
-L
On 9/08/13 2:09 PM, Joshua D'Alton wrote:
> I feel gimped for not bringing up Vyatta before, but I think it is more
> of a router than a firewall, but I suppose really what matters is the
> functionality not the pigeonhole label on the side. Vyatta can be quite
> solid as well, though if you recall some issues not so long ago with
> glovine/SAU vyatta solution, so as David says you really have to be
> careful about CPU usage through bandwidth or complicated features.
> Something to keep in mind.
>
>
> On Fri, Aug 9, 2013 at 1:57 PM, Paul Gear <ausnog at libertysys.com.au> wrote:
>
> I'm currently working on a project to rebuild our infrastructure
> with 90% VM-based firewalls. Our performance requirements are not
> that demanding (no 10 Gbps) so we're not concerned about that side
> of things.
>
> We reviewed pfSense and a few Linux-based firewall appliances, but
> ended up going with Vyatta, mainly because it's free as in beer
> ($0), free as in speech (GPL), we think the Junos-like configuration
> system has more legs for automation than the appliance-style
> approach that pfSense and the like use. (We want to be able to push
> changes to multiple firewalls in parallel in an automated fashion.)
> And being an old Linux guy, Debian is a lot more comfortable as a
> base than FreeBSD for me.
>
> We ran into some show-stopping bugs with pfSense's driver for Intel
> E1000 NICs (both virtual and physical). Vyatta has been rock-solid
> for us so far in the places we've deployed it.
>
> Paul
>
>
> On 08/09/2013 10:27 AM, Alex Samad - Yieldbroker wrote:
>>
>> Hi
>>
>> So what is the current industry thought on using VM firewalls? And
>> to take that further, what is the thought of using a plain OS for a
>> firewall, thinking Linux or BSD?
>>
>> Alex
>>
>> From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of James Braunegg
>> Sent: Thursday, 8 August 2013 9:49 PM
>> To: Michael Andreas Schipp; Ed Hallett
>> Cc: ausnog at lists.ausnog.net
>> Subject: Re: [AusNOG] Application Firewall Recommendations
>>
>> Dear Ed
>>
>> A10 Networks have the SoftAX Virtual machine which you can run as
>> a VM – Further WAF information on the A10 Solution can be found
>> here –
>>
>> http://www.a10networks.com/resources/files/A10-SB-Web_Application_Firewall_WAF.pdf
>>
>>
>> Also the new A10 Cloud offering coming soon, will provide WAF as SaaS
>>
>> Both options I highly recommend
>>
>> Kindest Regards
>>
>> James Braunegg
>> P: 1300 769 972 | M: 0488 997 207 | D: (03) 9751 7616
>> E: james.braunegg at micron21.com | ABN: 12 109 977 666
>> W: www.micron21.com/tv-hosting | T: @micron21
>>
>> From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Michael Andreas Schipp
>> Sent: Thursday, August 08, 2013 9:50 AM
>> To: Ed Hallett
>> Cc: ausnog at lists.ausnog.net
>> Subject: Re: [AusNOG] Application Firewall Recommendations
>>
>> Hi Ed,
>>
>> If, as others have said, you decide to look at WAF and
>> reverse proxies, I would suggest you look at the following vendors:
>>
>> A10 Networks
>>
>> Citrix
>>
>> F5
>>
>> Imperva
>>
>> Radware
>>
>> Narrow it down to 2 or 3 and do a PoC (most if not all of us will
>> be able to offer hardware appliances or VMs)
>>
>> I can help in getting anything you may need from the A10
>> (www.a10networks.com) side, just let me know.
>>
>> Thank you,
>> Michael A Schipp
>> Regional SE Manager ANZ
>>
>> A10 Networks
>>
>> From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Ed Hallett
>> Sent: Tuesday, 6 August 2013 10:12 AM
>> To: ausnog at lists.ausnog.net
>> Subject: [AusNOG] Application Firewall Recommendations
>>
>> Hi people,
>>
>> Just a simple question, but with a not so simple answer.
>>
>> We manage considerable clients with ‘cloud’ based servers within
>> Telstra’s utility hosting.
>>
>> We used to use TMG as a firewall / gateway / security for clients
>> who requested these features, but this is no longer possible.
>>
>> I need recommendations on application based (non VM) firewalls
>> which can be installed on server 08 / 12 and capable of the same
>> feature set as TMG. Not as easy to find now..
>>
>> So, I ask my esteemed peers for words of wisdom.
>>
>> Well, words, anyway.
>>
>> Kind regards,
>>
>> Ed Hallett
>>
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>> http://lists.ausnog.net/mailman/listinfo/ausnog