[ale] Buy vs. build

JD jdp at algoloma.com
Thu May 5 14:18:48 EDT 2011


My first questions:

How many end users?
How many active sessions?
How much traffic?
How much does downtime cost the company per hour?

pfSense seems able to handle anything most people would require from
small to fairly large setups with multiple pfSense boxes doing load
balancing.

I considered running a firewall inside a VM, then simply got scared
after talking with the DC404 guys. It is harder to screw up a 2 NIC setup
with 1 RED and 1 GREEN cable.  I'd definitely go with a dedicated box
for the firewall AND I'd avoid using AD credentials anywhere on the
firewall/VPN machine. Call that my prejudice.  I wouldn't use a normal
drive in this machine, just CF or SDHC memory for the OS. Logs would be
shipped to a log server.



On 05/05/2011 01:36 PM, David Hillman wrote:
> Our firewall is close to dead.  My boss wants to buy an expensive one.
>  I think it's better to build.  We had problems extending the old
> firewall, plus it would give us a chance to actually have OpenVPN on the
> firewall box itself.  The trouble is figuring out how to get to a
> working solution that's flexible and affordable.  Should we go with a
> trihomed solution?  Should OpenVPN then listen on all interfaces, or
> just the external one?  How does this all fit in with our Active
> Directory and DNS server?  Can OpenVPN easily deal with Active
> Directory?  How should packets be routed from the VPN connection to the
> internal network and to the DMZ?  Should we go with a powerful little
> box that has iptables on the hardware and something like Virtualbox +
> PHPVirtualbox for everything else?  By the way, we were using a Secure
> Computing box before.
> 
> The AD box can then be virtualized and consolidated inside the one
> physical box.  Our web box (virtualized) and file server box would still
> stay separate.  Then, how do we tie the virtualized AD service back into
> the LAN?  Through the internal network interface via virtual switch?
>  What are the chances of the firewall box failing?  Of course, we were
> thinking of a Mini-ITX board with Intel Atom (no fans) and RAID 1 SSD
> drives.  Are there any good books dealing with issues like these?  I can
> understand buying to save time, but how many headaches do you have to
> put up with down the road
> 