anyone using OpenBSD+PF and maybe CARP for corporate firewall use.


 
Zamt 6 posts

A friend of mine is looking to show his boss a “case study” or at least a corporate example of someone using OpenBSD+PF and CARP (optional) in a real-world setting.

From this email:

I personally know OpenBSD can do it, but my manager wants to see some case studies.

Our environment consists of 80 total users, about 25 remote, a Cisco Concentrator for VPN access in to our intranet, and out to a p2p VPN for Oracle access. Other than that, we host DNS/FTP/SMTP for our company on some Linux b0xen.

Can anyone offer some advice? He’s going to sign up for the forums later… but I wanted to get a jump start on this topic…

I know a few people have given talks @ SCOSUG in the past… I just can’t remember who.. or where they worked.

 
msnow 1 post

Thanks for posting that up, John, appreciate it.

Like what John posted, I am looking for a case study or even just an “I set up OpenBSD w/ PF as a firewall in environment X, Y, Z with N number of users for Company Blah.com”.

This information would be for internal use only.

Thanks in advance!

 
Al Gordon 52 posts

We’re pretty happy with that kind of setup at ISG. We don’t have nearly that many users behind our firewall, but have a fair number of websites, email, hosted application servers, etc. living back there, and have had no problems that I’m aware of.

 
Nick Danger 83 posts

There was a commercial company selling OpenBSD PF configs and they might have some case studies on their site. (Not that I remember who it was.) I’ve used it in the past in front of things and it worked very well on sites up to a few thousand hits a day (under 10) and email traffic of about the same. Sorry I can’t offer more info than that.

 
Jaiger 2 posts

Guys, I set up the OpenBSD+PF+CARP+pfsync firewall cluster at ISG. I’m very happy with the results. The configuration is basic and not too exotic. We’ve got a handful of subnets behind the cluster hosting a variety of public services (DNS, web, SMTP, POP, IMAP, instant messaging, VoIP and others).

My favorite feature of the cluster has always been the CARP automatic fail-over. We can service one node (firmware/OS upgrades) without affecting service.

The SCOSUG.org site is on our network behind this firewall.

It was simple to set up and just works.

-joe

copyright © 2007 scosug - all rights reserved