Firewalls - Ease of Use and Maintenance?

Jonathan Lassoff jof at
Tue Nov 8 22:47:48 CST 2011

It really depends on what constraints you have. Do you care about:
cost? performance? support?

Personally, for cost-constrained applications of 1 Gbit/s or less
(assuming modestly-sized packets, not all-DNS for example), I like
OpenBSD/pf or Linux/netfilter and generic x86 64-bit servers.
It's cheap, deeply customizable and since everything touches a CPU, it
allows for deep traffic inspection.

The tradeoff is that there's no support from major vendors, but there
are many smaller but very experienced consulting shops that can
integrate any patches and fix any issues that may arise.

What kinds of things are you looking for?


On Tue, Nov 8, 2011 at 3:06 PM, Jones, Barry
<BEJones at> wrote:
> Hello all.
> I am potentially looking at firewall products and wanted suggestions as to the easiest firewalls to install, configure and maintain? I have a few small networks (50 nodes at one site, 50 odd at another, and maybe 20 at another). I have worked with Cisco Pix, ASA, Netscreen, and Checkpoint (Nokia), and each has strong and not as strong features for ease of use. Like everyone, I'm resource challenged and need an easy solution to stand up and operate.
> Feel free to ping me offline - and thank you for the assistance.
> ----------------------------------------
> Barry Jones - CISSP GSNA
> Project Manager II
> Sempra Energy Utilities
> (760) 271-6822
> Please don't print this e-mail unless you really need to.
> ----------------------------------------

More information about the NANOG mailing list