CRego3D
01-29-2002, 11:45 PM
Hi everybody
Anybody got any advice regarding firewalls? Right now we are using Cisco PIX 515s where we are at, but looking for something else (the Ciscos have actually been more trouble than they are worth).
How about software solutions (to combine with a dedicated server for the application, of course)?
Thanks for any insights
jstout
01-30-2002, 12:15 AM
It depends on your needs and what you want to spend.
I'm fond of Check Point's Firewall-1 although I am a tad bit biased when I say that.
CRego3D
01-30-2002, 12:38 AM
Well, the PIX515 is a good example of our needs. It handles our requests well, I just don't like it (keeps breaking, BOTH of them).
cperciva
01-30-2002, 01:24 AM
Personally I like ipfw on FreeBSD boxen.
But for a dedicated firewall box I'd go with OpenBSD -- their latest version has some "sanitizing" code which protects against insecure IP stacks.
allan
01-30-2002, 01:30 AM
Carlos -- if you are familiar with Checkpoint, you may want to look at the Checkpoint-NG Software solution. In addition to a lot of cool features like stateful failover, session sharing and VRRP it allows you to create virtual firewalls. You can install multiple customers, with individual rulesets, on the same pair of firewalls...so you can charge people for dedicated firewall service :D.
The other thing that I like about Checkpoint: take a look at their product matrix.
http://www.checkpoint.com/products/security/platforms/platforms_matrix.html
A pair of Linux Dual 1.7 GHz Xeons will run you less than $10,000 and are rated, by Checkpoint, at 1+ Gbps.
Whatever you do, stay far away from Watchguard, especially for a data center solution. I know that they are pretty and red, but I have seen them get crushed under the load of a T1.