From owner-freebsd-questions  Thu Dec  9  8:22:39 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from dozer.skynet.be (dozer.skynet.be [195.238.2.36])
	by hub.freebsd.org (Postfix) with ESMTP id 4F3EC15179
	for <questions@freebsd.org>; Thu,  9 Dec 1999 08:22:30 -0800 (PST)
	(envelope-from brad@shub-internet.org)
Received: from [195.238.1.121] (brad.techos.skynet.be [195.238.1.121])
	by dozer.skynet.be (8.9.3/odie-relay-v1.0) with ESMTP id RAA16961
	for <questions@freebsd.org>; Thu, 9 Dec 1999 17:22:29 +0100 (MET)
Mime-Version: 1.0
X-Sender: blk@foxbert.skynet.be (Unverified)
Message-Id: <v04220813b475868e2a49@[195.238.1.121]>
Date: Thu, 9 Dec 1999 17:22:09 +0100
To: questions@freebsd.org
From: Brad Knowles <brad@shub-internet.org>
Subject: Top-notch firewall config w/ FreeBSD?
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Folks,

	I'm wondering if you can give me some advice on this issue, or if 
you can give me guidance on where I should take this question 
(freebsd-security?).


	Anyway, the short of it is that we're getting fed up paying high 
hardware and astronomical software costs for our Firewall-1 setup, 
and we're concerned that it may not be able to continue to scale with 
us as we grow anyway.  In terms of the features, we're really not 
making that much use of everything it can do, instead we're mostly 
using it for packet filtering.

	Given all this, we're interested in the possibility of replacing 
it with either a Linux or FreeBSD-based solution.  My personal 
preference is FreeBSD, but we're probably going to need to at least 
try a comparable Linux setup (if any such thing exists).


	What I'd like is to see what folks would recommend for use as a 
primarily packet filtering firewall solution under FreeBSD that can 
handle upwards of 150Mbps today (w/ Gigabit Ethernet NICs), and scale 
to even higher levels in the future.

	Ideally this would be something that could do load-balancing and 
high-availability as well, so that one system could take over the 
whole load if the other should die.


	Thanks!

-- 
Brad Knowles <brad@shub-internet.org> <http://www.shub-internet.org/brad/>
     <http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0xE38CCEF1>

Your mouse has moved.   Windows NT must be restarted for the change to
take effect.   Reboot now?  [ OK ]


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message