-2

Our network is separated into two networks: one behind a vintage Cisco PIX 6xx firewall, and the other one based on the Win2008 native firewall?? mainly for media (images/videos). The PIX has a limitation of 100Mbit; while applications and databases never exceed 80Mbit, media (outside of the firewall) has grown to 300Mbit, which is why it is outside of the network secured by the firewall.

My question is: is there some good-quality, cheap firewall that supports 1Gbit bandwidth, or is it better to get a 1Gbit layer 3 switch with an access list to prevent unauthorized access, as the cheapest and best solution?

We can't spend 10k on a new firewall, and I am aware that a new one will have proper modules to deal with different kinds of attacks...

The price range we are looking at is 2k-4k max...

Any ideas or suggestions will be good... Thanks

eugeneK

3 Answers

0

A Linux box with a couple of gigabit NICs will do all this and more, at a budget well under $2k.

womble
  • What distro do you advise? I need an easily configurable distro because I'm a Windows guy with zero Linux knowledge and no time to learn how to configure open source applications... – eugeneK Nov 03 '09 at 14:36
  • But you'd have time to learn how to configure an L3 switch? – womble Nov 03 '09 at 14:40
  • I'd recommend whichever distro the person you bring in to set the machine up for you decides to use. – womble Nov 03 '09 at 14:41
  • Are you comparing learning to be a network expert in Linux to learning how to use a switch with a web GUI? – eugeneK Nov 03 '09 at 14:46
  • Who said anything about needing to be a network expert in Linux? – womble Nov 03 '09 at 19:44
0

You should consider using a standard Linux box with the appropriate number of gigabit NICs. You can use pfSense as the OS; it will do everything you want through a website interface.

Antoine Benkemoun
  • I don't know Linux at all... the only thing I can do is install an Ubuntu Live CD... heh – eugeneK Nov 03 '09 at 13:34
  • A standard Linux box running pfSense makes no sense. pfSense runs BSD. Also, how beefy a machine would be required to actually push a constant GB each way? – Cian Nov 03 '09 at 14:45
  • A standard 1U server that you can buy today will push Gigabit wire speeds without a problem. The problem is usually more the number of TCP sessions to route/filter than the bandwidth. pfSense is as simple to install as an Ubuntu Live CD (well, almost). – Antoine Benkemoun Nov 03 '09 at 14:53
0

I think the answer to this question relies heavily on what your actual throughput is expected to be. You can push gigabit speeds with a Linux host, but it would require some careful tuning that might be outside of your expertise. At the less than 500 megabit mark you are in a different situation, though, and a reasonably fast host should be able to do it. This is also true for OpenBSD and other BSD family members, which make excellent firewalls. I think the above poster got it right in that, in that price range, you are solidly in the "do it yourself" category. If you want a slightly more managed package, you could speak with the Vyatta people, who have built a fairly pleasant network-centric Linux distribution based on the XORP router that runs on re-branded commodity hardware.

MattyB
  • I'm not into "do-it-yourself" and I don't have any knowledge of Linux or other Unix-based distros. I will check Vyatta though... – eugeneK Nov 03 '09 at 13:36