Q: case studies about scalable, enterprise-class firewall w/ IPFilter

Chris Marlatt cmarlatt at rxsec.com
Wed Aug 6 13:46:42 UTC 2008


Jeremy Chadwick wrote:
> On Wed, Aug 06, 2008 at 10:21:51AM +0200, Jordi Espasa Clofent wrote:
>>> Well, there are always Juniper Networks boxes :-)
>> I do the same (even more in some points) as Juniper boxes with simple  
>> standard boxes with OpenBSD and PF.
>>
>> At present day my central FWs are simply standard 2 boxes (each one costs
>> 1000 euros approx); I remember the Juniper guy offering me a 'cheap'
>> 7000/12000 euros solution...... :P
> 
> I'm amazed at the fact that people are actually comparing FreeBSD with
> pf to Juniper routers.  I've a bit of experience with M20s and M40s, and
> I can assure you they're VERY different than a little x86 PC routing
> packets, and are significantly faster due to hardware routing.
> 

The M series is hardware routed but IIRC the J series is routed in
software. The performance numbers for this series are pretty close to
what FreeBSD can do with the right hardware and network cards and for a
lot less money. FreeBSD can also outperform many of the SSGs and
NetScreens - up to the 550/500 I think.

That said, Juniper still offers numerous features that are worthwhile,
even in the J, SSG and NetScreen series. You just have to need those
features in order for it to make any sense.

Regards,

	Chris


More information about the freebsd-hackers mailing list