[AusNOG] Firewall

Skeeve Stevens skeeve+ausnog at theispguy.com
Wed Feb 25 10:27:17 EST 2015


If you want pure speed and grunt, then physical boxes are the way to go.

But, when your requirements are less than a few gig, then yes,
virtualised equipment is just fine.

For example... in my offices in Asia, it was so damn hard to obtain/source
equipment from distribution, taxes, bribes, delays, etc... we no longer
sell Cisco/Juniper hardware.

We deploy only easy-to-obtain server hardware - mostly Dell or HP, and
put ESXi (looking at other options too), and run up vSRX (Firefly), vASA,
vThunder and many other fully virtualised platforms.

This enables the customers to get what they need in hours, and not
weeks/months.  The last SRX240s I ordered in SE Asia had an ETA of 7
weeks... I mean, wtf?  Most have grace periods of licensing at 14-90 days,
so the customer can run up things in an emergency.  They also get to
control the grade of hardware redundancy they want - which is often good in
some countries that do not even have SmartNet/JCare local services.

If the customer wants serious redundancy, they can upgrade to full VMware
at any time.

I find going to 10Gb in these environments more challenging, but getting
easier... but at the multi-gigabit capacity throughput, it works
perfectly.  The only struggle initially was to get customers to accept a
Juniper or Cisco with an HP box on the front.  But at the end of the day, it
can do everything (and way way more) than they ever could by using hardware
- and much sooner.


...Skeeve


--

Skeeve Stevens - The ISP Guy

Email: skeeve at theispguy.com ; Twitter: @TheISPGuy
<https://twitter.com/TheISPGuy>
Blog: TheISPGuy.com <http://theispguy.com/> ; Facebook: TheISPGuy
<https://www.facebook.com/theispguy>

Linkedin: /in/skeeve <http://www.linkedin.com/in/skeeve> ; Expert360:
Profile <https://expert360.com/profile/d54a9>


On Tue, Feb 24, 2015 at 12:13 PM, Alex Samad - Yieldbroker <
Alex.Samad at yieldbroker.com> wrote:

>  Hi
>
>
>
> Interesting, I just went to VMUG yesterday, listened to a lot about NSX…
> Previously tried to stay away because of the enterprise licensing cost, but
> relooking at it again.
>
>
>
> I noticed nobody mentioned it in the hypervisor env
>
> Is anyone running soft routers (VMs/non Hardware) as an ISP/provider.
>
>
>
> I'm thinking you can’t beat silicon for pure switching … routing ?? and then
> coupled with something further up the stack, does switching/routing on the
> host of a hypervisor make more sense ?
>
>
>
> A
>
>
>
>
>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of *Skeeve
> Stevens
> *Sent:* Tuesday, 24 February 2015 10:17 PM
> *To:* Sam Sarkis-UIP
> *Cc:* ausnog at lists.ausnog.net; ausnog at ausnog.net
> *Subject:* Re: [AusNOG] Firewall
>
>
>
> Sounds like an odd request... you mean it MUST be a Server based Firewall?
>
>
>
> If that is an issue, get around it by going VMware and using vASA or vSRX?
>
>
>
> ...Skeeve
>
>
>
>
>
> On Mon, Feb 23, 2015 at 9:09 PM, Sam Sarkis-UIP <ssarkis at unitedip.net.au>
> wrote:
>
>
>
> Hi All,
>
>
>
> I know this is strange but we have a specific requirement for a customer.
>
>
>
> Does anyone know or recommend a firewall / UTM software that can be
> installed on an existing Windows, Red Hat, SuSE, or CentOS Server.
>
>
>
> We would prefer a commercial package.
>
>
>
> We cannot overwrite the existing OS and have to work within any of the
> above-mentioned platforms only.
>
>
>
> Kind Regards
>
>
>
> Sam
>
>
>
>
>
>
>
>