[unisog] SEF 8.0 with loading balancing or Checkpoint FW-1 wi th 3Com 6200 security switch?

Getchell, Adam acgetchell at ucdavis.edu
Tue Nov 16 19:29:50 GMT 2004


Well, knowing that you've already specified a firewall, but (especially in
your neck of the woods) have you looked at OpenBSD 3.6 with PF? Using CARP
and ifstated, it load-balances beautifully. The price ($45 for a CD) beats
what you're going to pay. We've had a lot of success implementing them here
at UCD, and I even have a recipe for building a diskless, flash-memory
read-only system on a $300 OpenBrick-E:

http://insecure.ucdavis.edu/OpenBSD/openbrick

Or for more official documentation, see:

ftp://ftp.openbsd.org/pub/OpenBSD/doc/pf-faq.txt

If you look it over, you'll find pf to be amazingly powerful and easy to
read and understand. I have some presentation slides if you want to see
examples.

***************
* Adam Getchell, M.S.
* Application Developer
* College of Agricultural & Environmental Sciences Deans' Office
* acgetchell at ucdavis.edu      (530)752-9284
***************
"Invincibility is in oneself, vulnerability in the opponent." -- Sun Tzu 

> -----Original Message-----
> From: unisog-bounces at lists.sans.org 
> [mailto:unisog-bounces at lists.sans.org] On Behalf Of Wayne Chow
> Sent: Tuesday, November 16, 2004 10:06 AM
> To: 'UNIversity Security Operations Group'
> Subject: [unisog] SEF 8.0 with loading balancing or 
> Checkpoint FW-1 with 3Com 6200 security switch?
> 
> 
> Hi all,
> 
> Does anyone have experience with the firewalls below?
> 
> 1) One 3Com 6200 security switch with checkpoint FW-1
> 
> or 
> 
> 2) Two Windows 2003 servers with Symantec Enterprise Firewall 
> 8.0 and load balancing enabled?
> 
> We are in the process of planning for the upgrade of our 
> firewall and we need to decide which one of the above we 
> should implement.  The decision factors are reliablity, 
> scalability and throughput.
> 
> Can you please share your experience with either of the 
> firewall technogies.
> Any comments or feedback would be greatly appreciated.
> 
> 
> Cheers,
> 
> Wayne Chow
> Network Administrator
> Faculty of Dentistry, University of Toronto
> 124 Edward Street, Suite 458A
> Toronto, Ontario M5G 1G6
> (416) 979-4900 Ext. 4620
> (416) 979-4936 Fax
> 	
> 
> 
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
> 



More information about the unisog mailing list