Months back in 2007 I had to run a project to replace a lot of „old“ **nux based so called multipurpose gateways. These gateways did always something like firewall/packetfilter, Internet guest access gateways, high performance VPN termination devices, IDS/IPS and webfiltering. Sometimes they did only one function of these, sometimes one box did everything and sometimes also in an HA setup. The main issue was: all systems got installed from different admins with different philosophies and preferences for one or the other
Linux distribution.
So the target of these project was: melt down all different systems into one flexible solution (hardware/software), which fulfills all functional requirements as well as the HA requirement.
After finding some options (e.g. Cisco ASA, Juniper SSG network security appliance) an extensive lab session followed to simulate all possible scenarios for their future usage.
The result: Junipers SSG5xx series network security appliance brought the right mixture of feature set, performance, a got implementation of clustering, IPS and webfiltering and and and. Also the ASA from Cisco did most of the jobs in our lab, but there were some small key features like split DNS for example, which we
missed. So it ended up with an order of SSG520s, which are now in use as very flexible solution for gateways, firewalls, IPS/IDS, Internet guest access, high performance VPN termination…
No Comments