  1. #1
    Join Date
    Jun 2001
    Posts
    480

    Firewall recommendation

    Hi WHT

    We recently got a 100mbps incoming UDP flood attack. So, we are looking to put a firewall on our edge to avoid it happening again. What firewall would you recommend for 300-500mbps protection?

  2. #2
    Join Date
    Oct 2002
    Location
    Vancouver, B.C.
    Posts
    2,699
    What's much more important than the bps is the pps (packets per second). Do you have any idea how many pps the attack was?
    ASTUTE INTERNET: Advanced, customized, and scalable solutions with AS54527 Premium Performance and Canadian Optimized Network (Level3, Shaw, CogecoPeer1, GTT/Tinet),
    AS63213 Cost Effective High Performance Network (Cogent, HE, GTT/Tinet)
    Dedicated Hosting, Colo, Bandwidth, and Fiber out of Vancouver, Seattle, LA, Toronto, NYC, and Miami

  3. #3
    Join Date
    Jun 2001
    Posts
    480
    I could be wrong. I suspect it was around 10-20K pps.

  4. #4
    Join Date
    Jun 2009
    Posts
    83
    20k PPS is fairly substantial for a low-end firewall to shrug off. What's your budget?

  5. #5
    Join Date
    Dec 2005
    Location
    NYC
    Posts
    428
    If that's it, then a Cisco ASA 5520 or 5540 would be able to handle that.
    Edge 1, LLC
    http://www.edge1.net | 800.392.2349
    Cisco SMARTnet & Licensing Specialists | Datacenter/Network Design & Management Consulting | Cisco New & Certified Refurb Equipment Sales

  6. #6
    Join Date
    Aug 2009
    Location
    Orlando, FL
    Posts
    1,063
    Juniper SSG320

  7. #7
    Join Date
    Mar 2009
    Location
    Boise, Idaho USA
    Posts
    109
    +1 for the 5520
    SolutionPro Inc
    www.solutionpro.com
    Colocation Server Hosting
    Virtual Server Hosting

  8. #8
    Join Date
    Jun 2001
    Posts
    480
    Our budget is $3000-$5000. Any idea how much a typical Cisco ASA 5520/Juniper SSG320 would cost?

  9. #9
    Join Date
    Dec 2005
    Location
    NYC
    Posts
    428
    Quote Originally Posted by Eiv View Post
    Our budget is $3000-$5000. Any idea how much a typical Cisco ASA 5520/Juniper SSG320 would cost?
    A new 5520 is under 5k, with certified refurbs from Cisco under 4k.

  10. #10
    Join Date
    Jun 2001
    Location
    Denver, CO
    Posts
    3,302
    How large is your port speed? If it's only 100Mbps, it's likely the attack was much larger than what you were seeing due to the bottleneck. As such, it wouldn't make much sense to filter this traffic on your side of the port.
    Jay Sudowski // Handy Networks LLC // Co-Founder & CTO
    AS30475 - Level(3), HE, Telia, XO and Cogent. Noction optimized network.
    Offering Dedicated Server and Colocation Hosting from our SSAE 16 SOC 2, Type 2 Certified Data Center.
    Current specials here. Check them out.
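
Added example (not part of any post in this thread): one way to get the pps figure asked for in #2 and check the port-saturation point raised in #10, by diffing two Linux `/proc/net/dev` snapshots. The snapshots, interface name, 10-second interval and the 24-byte per-frame wire overhead are constructed assumptions.

```python
"""Added example: rx pps/bps from two /proc/net/dev-style snapshots (Linux)."""

# Assumption: kernel byte counters exclude preamble+SFD (8), FCS (4) and
# inter-frame gap (12), so each packet costs 24 extra bytes on the wire.
WIRE_OVERHEAD = 24
MIN_FRAME_ON_WIRE = 84  # 64-byte minimum frame + 20 bytes preamble/SFD/gap

# Constructed samples taken 10 s apart; illustrative numbers, not from the thread.
HEADER = (
    "Inter-|   Receive                            |  Transmit\n"
    " face |bytes packets errs drop fifo frame compressed multicast|bytes packets\n"
)
BEFORE = HEADER + "  eth0: 5000000000 8000000 0 0 0 0 0 0 900000 7000 0 0 0 0 0 0\n"
AFTER = HEADER + "  eth0: 5120000000 8150000 0 0 0 0 0 0 905000 7050 0 0 0 0 0 0\n"


def parse_rx(snapshot, iface):
    """Return (rx_bytes, rx_packets, rx_drops) for iface."""
    for line in snapshot.splitlines():
        name, sep, rest = line.partition(":")
        if sep and name.strip() == iface:
            f = rest.split()
            return int(f[0]), int(f[1]), int(f[3])
    raise KeyError(iface)


def rx_rates(before, after, iface, seconds, link_bps):
    """Receive rates over the interval, plus how full the port was."""
    b0, p0, d0 = parse_rx(before, iface)
    b1, p1, d1 = parse_rx(after, iface)
    nbytes, pkts = b1 - b0, p1 - p0
    util = (nbytes + WIRE_OVERHEAD * pkts) * 8 / seconds / link_bps
    return {
        "pps": pkts / seconds,
        "mbps": nbytes * 8 / seconds / 1e6,
        "avg_packet_bytes": nbytes / pkts if pkts else 0.0,
        "drops": d1 - d0,
        "utilisation": util,
        # A full port means the measured rate is only a lower bound on the attack.
        "saturated": util >= 0.95,
    }


def worst_case_pps(link_bps):
    """Packets per second the same port can carry at minimum frame size."""
    return link_bps // (MIN_FRAME_ON_WIRE * 8)


if __name__ == "__main__":
    print(rx_rates(BEFORE, AFTER, "eth0", 10, 100_000_000))
    print(worst_case_pps(100_000_000))
```

With these constructed counters the port is about 99% full at 15,000 pps of 800-byte packets, while the same 100 Mbps port could deliver roughly ten times that packet rate with minimum-size frames.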

  11. #11
    Join Date
    Jan 2003
    Location
    Budapest, Hungary
    Posts
    231
    You could use some simple hardware (even Core2-based) with a good network card (Intel cards are the best), install FreeBSD or Linux, and filter it yourself. That will cost less and be more flexible up to a few million PPS (sometimes a highly tweaked system can handle more than 1kk pps); after that you should look into more specific CPU packet-handling systems, like those from Cisco.
    ServerAstra.com website / e-mail: info @ serverastra.com
    HU/EU Co-Location / Managed and Unmanaged Cloud & Dedicated servers in Hungary with unmetered connections

  12. #12
    I'd go with a Juniper SRX series before the SSG. The SSG is dead and the SRX is their new hotness; they are far more powerful and a great bang for your buck.

    We swapped out our asa5510-sec-bun's for srx240h's and never looked back.

    The ASAs are x86-based CPU turds. Seriously, look it up: they're running Celerons and P4s from 2006. With your budget you can do a lot better.

    I can't believe spudster hasn't posted about the asa's being a cpu based turd..

  13. #13
    Join Date
    Apr 2009
    Location
    Dallas/FortWorth TX
    Posts
    1,703
    WatchGuard are good too, and within the budget: an XTM 510 would be around $3000 new, whereas a Cisco ASA 5520 you would get for around $5K refurb.
