Daren,

The performance impact of firewall filters is really dependent on traffic load, number of rules, etc. IDS is on our list of to-do items, but you could apt-get snort from the Debian repository until we get it officially integrated.

For a dual router setup, I think you are simply looking for two boxes running VRRP between them. Each box would then have a route to your upstream provider.

Cheers,
Robert.

Daren Tay wrote:
> Ok I know I have been posting a whole slew of things today, but after being
> away for so long, I just have to put the questions in my head to rest..
>
> pardon me
>
> I understand Vyatta has firewalling capability, but a pity I don't have a
> spare machine right now to test it, but is it sufficient?
> Does it do IDS too? How much of a performance hit would I expect? 50% more?
>
> Maybe I am being greedy (or stingy, depends on how you look at it), but I am
> thinking if I could cut some cost and implement them all in one box
>
> Lastly, for today, I am planning to do an active-passive setup, meaning 2
> boxes of Vyatta, so as to achieve a roll-over if one goes down.
> Right now, my datacenter is suggesting that they can handle that part for me
> by having an additional line pulled to the 2nd router and if they detect a
> failure (failed ping), they will auto-rollover.
>
> Any way to get Vyatta to handle that, in a cluster mode or something.. maybe
> using Heartbeat?
> Because considering Vyatta is an application, I am worried the situation
> whereby the service hung, but it responds to ICMP request...
>
> I saw that happening before (with regular web servers). So am not sure if
> this is a valid worry?
>
> Thanks again!
> Daren
>
> _______________________________________________
> Vyatta-users mailing list
> Vyatta-users@mailman.vyatta.com
> http://mailman.vyatta.com/mailman/listinfo/vyatta-users