On Fri, Jul 11, 2008 at 06:47:13PM -0300, Martín Coco wrote:
> Hi misc,
>
> I'm currently looking for hardware alternatives for firewalls that  
> should have more than four NICs.
>
> Currently we are buying R200s from Dell, but we have the 4 NIC  
> limitation. We could tell Dell to install a quad port NIC (in addition  
> to the two-port onboard card), but I haven't read good things about the  
> way they work.
>
> I've also looked into Soekris, but they don't seem to have enough CPU  
> for what we want (this is pure speculation) as we also have intense  
> IPSec traffic on some of these firewalls (I've seen that some of them  
> could have encryption boards added to increase performance, but I don't  
> know if it works for any kind of protocol, or at what rate).
>
> In any case, what I would like to have is firewalls with multiple NICs  
> (at least 6 NICs) *and* sufficient CPU to let IPSec work alright at  
> least at ~50Mbps (internal backbone firewalls). The multiple NICs are to  
> use trunk, pfsync, real network interfaces, etc.

Why could you possibly need 6 physical interfaces?  Even if you have a
failover pair of firewalls and switches, with a dedicated pfsync
interface, you could get by easily with three interfaces.  The first two
interfaces are trunked, one to each switch.  Use vlan(4) interfaces with
carp(4) on top of that.  Your third interface would crossover between
firewalls for private pfsync traffic.

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/
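
The three-interface layout described in the reply above, sketched as OpenBSD configuration for the primary firewall. This is an added example, not part of the original thread: the interface names (em0, em1, em2), VLAN ID 10, the addresses, the vhid, the failover trunk protocol and the CHANGE_ME password are all assumptions.

```conf
# Added sketch for the PRIMARY firewall; every name and value is an assumption.
# Each section is a separate file, named in the comment above it.

# /etc/hostname.em0 and /etc/hostname.em1
# Trunk members, one cabled to each switch. No addresses here.
up

# /etc/hostname.trunk0
# Failover mode works across two independent switches.
trunkproto failover trunkport em0 trunkport em1 up

# /etc/hostname.vlan10
# One vlan(4) interface per network segment, carried on the trunk.
# Releases from the time of this thread wrote "vlan 10 vlandev trunk0"
# instead of "vnetid 10 parent trunk0".
inet 192.0.2.2 255.255.255.0 NONE vnetid 10 parent trunk0

# /etc/hostname.carp10
# Shared gateway address for the segment. The backup firewall uses the
# same vhid and pass, its own vlan10 address, and adds "advskew 100".
inet 192.0.2.1 255.255.255.0 192.0.2.255 vhid 10 carpdev vlan10 pass CHANGE_ME

# /etc/hostname.em2
# Third interface: crossover cable straight to the peer firewall.
inet 10.255.255.1 255.255.255.252 NONE

# /etc/hostname.pfsync0
# pfsync carries no authentication of its own, so it is bound to the
# dedicated crossover link and kept off the switched networks.
up syncdev em2

# /etc/pf.conf additions
# Allow the state-sync and CARP protocols, and do not sync their own states.
pass quick on em2 proto pfsync keep state (no-sync)
pass on vlan10 proto carp keep state (no-sync)
```

Each further segment repeats the vlan/carp pair with its own VLAN ID and vhid, so the physical port count stays at three.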
