which firewall product?

• Previous message (by thread): which firewall product?
• Next message (by thread): which firewall product?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Not sure how bsd handles ipip connections. If it breaks them out as a dedicated interface (like it does for openvpn connections) , then rules can be applied and pfsense would be quite useful. The UI is very simple. 

Warren Bailey <wbailey at satelliteintelligencegroup.com> wrote:
>Look into pfsense. It's rock solid and bad based, and can be purchased
>as an appliance. (both real and vm)
>
>
>Sent from my Mobile Device.
>
>
>-------- Original message --------
>From: William Herrin <bill at herrin.us>
>Date: 07/30/2013 1:02 PM (GMT-08:00)
>To: nanog at nanog.org
>Subject: which firewall product?
>
>
>Hi folks,
>
>I'm trying to identify a firewall appliance for one of my customers.
>The wrinkle is: it has to be able to inspect packets inside an IPIP
>tunnel and accept/reject based on IP address, TCP port number and
>standard things like that. On the packet carried *inside* the IPIP
>tunnel packet.
>
>
>From what I can tell, the Cisco ASA can't do this.
>
>Linux iptables can (with the u32 match module) but the customer wants
>an appliance, not a server.
>
>What appliances do you know of that can do this? Is there a different
>Cisco box? A Juniper firewall? Anything else?
>
>Thanks in advance,
>Bill Herrin
>
>
>--
>William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
>3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
>Falls Church, VA 22042-3004

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

• Previous message (by thread): which firewall product?
• Next message (by thread): which firewall product?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]