| Subject: | RE: Enterprise Gigabit Firewall |
|---|---|
| Date: | Thu, 23 Mar 2006 09:12:50 -0500 |

I'm also a big fan of Sidewinder G2 firewalls. However, I would like to point out one thing. Technically, without an external load balancer, they are considered "load sharing," not "load balanced." Tech support is very picky about this, and for good reason.

When you configure two Sidewinder G2 firewalls in a load sharing configuration, which firewall a TCP or UDP connection is sent to is based on the source port. Connections with even numbered source ports go to the primary firewall, and odd numbered source port connections go to the secondary firewall.

Still, we've found this does a pretty good job for us. I can even perform "soft shutdowns" of the firewalls, one at a time, during business hours with little to no disruption to our customers (due to the nature of our online software). I envision us eventually using an external load balancer, but for now, the peer-to-peer load sharing Sidewinder G2 cluster works fine.

-------------------------
Matt Harrell
Plexus Systems
mhar@plex.com

________________________________

From: Bill Church [mailto:Bill.Church@bsius.com]
Sent: Wed 3/22/2006 4:18 PM
To: 3shool; dballester; Richard.StJohn; sbertrand
Cc: firewalls
Subject: RE: Enterprise Gigabit Firewall

I'd have to toss my $0.02 to Sidewinder G2 as well. Security record is pretty outstanding, and the merger of CyberGuard just makes things better.

You *can* load balance a pair of them without external hardware, however.

-Bill

-----Original Message-----
From: Richard St John [mailto:Richard.StJohn@gbe.com]
Sent: Wednesday, March 22, 2006 4:13 PM
To: sbertrand@cbihome.com; 3shool@gmail.com; dballester@kernpharma.com
Cc: firewalls@securityfocus.com
Subject: RE: Enterprise Gigabit Firewall

I can actually disagree with you. I know of a couple Fortune 500-1000 companies that are basing their security posture on open source & free products. Two come to mind here in St. Louis.

The rest I do agree with. I, personally, prefer the SideWinder G2 units because they can do all 4 of his options as well as the Gigabit requirements he has.

As for load balancing, the eval we did last year brought us to separate vendor load balancing {firewalls and load balancing from different vendors} and we chose Radware just due to the throughput.

Richard

"Shaun Bertrand" <sbertrand@cbihome.com> 03/22 12:21 PM >>>

Well, the first sentence says it all. "We are planning to purchase an Enterprise Firewall for our Head Quarters." How do you plan on supporting an enterprise environment with all free products? Anyone working in a Fortune 500 company knows there is no tolerance for free programs. Especially in the security sector. No support, no standards, and when it comes to compliancy assurance of the free program there is just no way. I see your stance though, and would love if this were feasible.

I would suggest what you've already recommended yourself (Checkpoint, SonicWALL) along with Symantec and Fortinet. I agree with Dave in regards to putting all your eggs in one basket. Modify your budget to include a high availability/load balanced solution.

Shaun

________________________________

From: David Ballester [mailto:dballester@kernpharma.com]
Sent: Wednesday, March 22, 2006 12:52 PM
To: 3 shool
Cc: firewalls@securityfocus.com
Subject: Re: Enterprise Gigabit Firewall

On Wed, 22-03-2006 at 15:34 +0530, 3 shool wrote:

Hello Everyone,

We are planning to purchase an Enterprise Firewall for our Head Quarters. I have been doing some research recently on various possible options. I do have budget restrictions and that is one important factor which is going to influence management's decision.

What we need is an Enterprise Firewall that can:

1. Establish site-to-site VPN between our 4 branch locations
2. Establish client-to-site VPN for roaming users
3. Should support 500 Internet users at HO
4. Has a Gateway Antivirus, IPS and Content Filtering

Optionally, we also plan to move our SAP servers on this firewall in a new zone. We would opt this only if the firewall provides us gigabit throughput for our SAP servers.

For this solution I have been thinking of ISS, SonicWALL, Checkpoint and Netscreen. It would be great if the list could put their thoughts on what would be ideal for our scenario.

I have also heard that SonicWALL has a gigabit firewall model, Pro 5060. The price seems to be really low compared to Checkpoint+Nokia, but would SonicWALL 5060 be a good option?

Thanks in advance.

GNU/Linux with iptables + IKE/Racoon (ipsec), openvpn (a very easy VPN) + Clamav (antivirus) + Snort (IDS) + bonding ethernets?

All for free (as beer) and near for free (as beer)

In any way, my 2 cents, don't concentrate all in one product/machine, if this one goes down, all your services go down with it. I like more the cluster with low budget machines or blades approach, but this is only MMO

Regards
David Ballester

_________________________________________________________________________________________

CBI prefers to send all email in a secure, encrypted, easy-to-use manner. We are one of a few, select companies to have earned the Certified Solution Partner (CSP) designation from PGP. To easily secure all future messages from this sender using industry leading PGP Universal technology, please click this link: https://keys.cbihome.com:441/b/b.e?r=firewalls@securityfocus.com&n=scqOC7+QMRfgm/Q1ZuWGuw==
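
The even/odd source-port rule described at the top of this thread, as an added Python sketch (not code from any poster or from the firewall vendor): it shows how connection counts can split evenly while traffic volume does not. The node names, the constructed connection list and the `least_loaded` policy, which stands in for an external load balancer, are assumptions made for the illustration.

```python
# Added illustration; not code from the thread or from the firewall vendor.
# Node names, the traffic mix and least_loaded() are assumptions for the demo.

def parity_dispatch(src_port, _load=None):
    """Rule from the post: even source port -> primary, odd -> secondary."""
    return "primary" if src_port % 2 == 0 else "secondary"

def least_loaded(_src_port, load):
    """Assumed load-aware policy: send to the node carrying fewer bytes so far."""
    return min(load, key=load.get)

def constructed_connections(n=1000, first_port=49152):
    """Constructed sample: sequential ephemeral ports; every 10th connection
    is a 50 MB transfer, the rest are 10 KB requests."""
    return [(first_port + i, 50_000_000 if i % 10 == 0 else 10_000)
            for i in range(n)]

def simulate(connections, chooser):
    """Return (connections per node, bytes per node) for a dispatch policy."""
    count = {"primary": 0, "secondary": 0}
    load = {"primary": 0, "secondary": 0}
    for src_port, size in connections:
        node = chooser(src_port, load)
        count[node] += 1
        load[node] += size
    return count, load

if __name__ == "__main__":
    conns = constructed_connections()
    for name, policy in (("source-port parity", parity_dispatch),
                         ("least loaded", least_loaded)):
        count, load = simulate(conns, policy)
        print(f"{name:20s} connections={count} bytes={load}")
```

The constructed mix is deliberately unfavourable: every large transfer happens to use an even source port, so the parity rule gives each node 500 connections but puts nearly all of the bytes on the primary.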