Security Appliance Roundup Part 1
So I want to simplify and strengthen our network security at the office. Currently we’re using a mishmash of Cisco IOS IPsec, PPTP, CBAC/NAT and Linux iptables host-based firewalls. I’d like to centralize everything, and add a more reliable VPDN solution to the mix. In addition, I’d like better logging and traffic shaping control.

Cisco 2600 with IOS 12 advanced firewall

I’ve been running this for the last couple of years, on 2600 class hardware. In general, it’s a very complete solution, but configuring it can be extremely trying. I can’t even remember the number of times I’ve been stumped by some issue that ‘should be working’, only to find out a month or two later that the problem was the software revision I was using. Cisco is very difficult to work with when it comes to getting firmware updates for their software, and I typically don’t have good luck finding out what other version I’d need, anyway. The Cisco IPsec VPN implementation seems to be solid, as are their routing abilities. The CBAC packet inspection system is where the Cisco starts to weaken as a firewall platform, however. Even just inspecting standard TCP traffic can easily put the 2600 under enough load that I can’t really afford to run it between my internal network and DMZ. ...