Message-ID: <4899A595.3040802@rxsec.com>
Date: Wed, 06 Aug 2008 09:22:29 -0400
From: Chris Marlatt
Organization: Receive Security
To: Jeremy Chadwick
Cc: Jordi Espasa Clofent, freebsd-hackers@freebsd.org
In-Reply-To: <20080806094411.GA51807@eos.sc1.parodius.com>
Subject: Re: Q: case studies about scalable, enterprise-class firewall w/ IPFilter

Jeremy Chadwick wrote:
> On Wed, Aug 06, 2008 at 10:21:51AM +0200, Jordi Espasa Clofent wrote:
>>> Well, there are always Juniper Networks boxes :-)
>> I do the same (even more in some points) as Juniper boxes with simple
>> standard boxes with OpenBSD and PF.
>>
>> At present day my central FWs are simply standard 2 boxes (each one cost
>> 1000 euros approx); I remember the Juniper guy offering me a 'cheap'
>> 7000/12000 euros solution...... :P
>
> I'm amazed at the fact that people are actually comparing FreeBSD with
> pf to Juniper routers. I've a bit of experience with M20s and M40s, and
> I can assure you they're VERY different than a little x86 PC routing
> packets, and are significantly faster due to hardware routing.
>

The M series is hardware routed but IIRC the J series is routed in software. The performance numbers for this series are pretty close to what FreeBSD can do with the right hardware and network cards and for a lot less money. FreeBSD can also outperform many of the SSGs and NetScreens - up to the 550/500 I think.

That said, Juniper still offers numerous features that are worthwhile, even in the J, SSG and NetScreen series. You just have to need those features in order for it to make any sense.

Regards,

Chris