[CentOS] 1U firewall hardware

Sun May 15 22:12:24 UTC 2011
Ryan Wagoner <rswagoner at gmail.com>

On Sun, May 15, 2011 at 5:57 PM, Miguel Medalha <miguelmedalha at sapo.pt> wrote:
>>> pci is a shared bus with a max of 2 gigabits.  you'll see a gigabit but
>>> never see two or more.
>> I am aware of that. But as I said it depends on your particular needs in
>> *concurrent* traffic. Although it cannot sustain simultaneous Gigabit
>> debits on all interfaces, i can sustain Gigabit bursts that are not
>> simultaneous, as is often the case.
>> I have found that such a solution is perfectly capable when isolating a
>> LAN, or several LANs,  from a WAN, for example.
> If you really need concurrent Gigabit traffic on several interfaces, I
> would suggest that you get proper *dedicated* firewall/router hardware
> instead of building one from standard parts. It will be much more efficient.

I'm assuming the OP is trying to save money. A firewall with 5xGbe
interfaces is going to thousands of dollars. With Cisco you would be
looking at a ASA 5520, which only provides 4xGbe and 1x10/100. If you
just need to provide inter-vlan routing and a firewall for Internet
access a layer 3 switch and separate firewall would be best.