Firewall Options for the NTG Lab
-
Some of you may have seen another thread where the NTG YOC Lab is coming online this weekend. http://mangolassi.it/topic/101/ntg-s-yoc-york-operations-center-lab-rack-is-beginning-to-take-shape-again
One of the questions that we are asking ourselves is what should we be using as a firewall there? As a lab environment, obviously a key goal is using things we don't necessarily use in other places. We have datacenters using Vyatta and Untangle currently. Both of those would be logical for the lab but as they already exist, in use, in other places it seems like that might not be the best option. I am currently leaning towards pfSense just because it is very good, enterprise and is not in use anywhere in our environment currently.
We are using some older hardware for the firewall role. We have an HP Proliant DL145 G2 (AMD64) that we plan to purpose for this. So a lot more power than a traditional firewall.
Any other suggestions or recommendations?
-
@scottalanmiller pfSense was my thought too.
-
Never followed up on this, whoops. We ended up using VyOS for a few years. But the hardware died on us and was too complex to service. It made no sense as it was cheaper to replace with new Ubiquiti hardware than it was to maintain what we already had. So we ended up going with a UBNT ERL and it has been great.
-
@scottalanmiller said in Firewall Options for the NTG Lab:
Never followed up on this, whoops. We ended up using VyOS for a few years. But the hardware died on us and was too complex to service. It made no sense as it was cheaper to replace with new Ubiquiti hardware than it was to maintain what we already had. So we ended up going with a UBNT ERL and it has been great.
Out of curiosity, is it the one running the NTG lab?
I'm just assuming that you only have it doing routing and that it can do the basics at full line speed.
-
@travisdh1 said in Firewall Options for the NTG Lab:
@scottalanmiller said in Firewall Options for the NTG Lab:
Never followed up on this, whoops. We ended up using VyOS for a few years. But the hardware died on us and was too complex to service. It made no sense as it was cheaper to replace with new Ubiquiti hardware than it was to maintain what we already had. So we ended up going with a UBNT ERL and it has been great.
Out of curiosity, is it the one running the NTG lab?
I'm just assuming that you only have it doing routing and that it can do the basics at full line speed.
Yes, that is what is currently running there. We don't do QoS filtering in the lab, so it handles the speeds just fine.
-
@scottalanmiller said in Firewall Options for the NTG Lab:
@travisdh1 said in Firewall Options for the NTG Lab:
@scottalanmiller said in Firewall Options for the NTG Lab:
Never followed up on this, whoops. We ended up using VyOS for a few years. But the hardware died on us and was too complex to service. It made no sense as it was cheaper to replace with new Ubiquiti hardware than it was to maintain what we already had. So we ended up going with a UBNT ERL and it has been great.
Out of curiosity, is it the one running the NTG lab?
I'm just assuming that you only have it doing routing and that it can do the basics at full line speed.
Yes, that is what is currently running there. We don't do QoS filtering in the lab, so it handles the speeds just fine.
ERL can do near line speed as long as you don’t do something to hit the CPU.
