|
Jaiger
2 posts
|
Topic: anyone using OpenBSD+PF and maybe CARP for corporate firewall use.
Guys,
I setup the OpenBSD+PF+Carp+pfsync firewall cluster at ISG. I’m very happy with the results. The configuration is basic and not too exotic. We’ve got a handful of subnets behind the cluster hosting a variety of public services (dns, web, smtp, pop, imap, instant messaging, VOIP and others.)
My favorite feature of the cluster has always been the CARP automatic fail-over. We can service one node (firmware/OS upgrades) without affecting service.
The SCOSUG.org site is on our network behind this firewall.
It was simple to setup and just works.
-joe
|
|
Nick Danger
87 posts
|
Topic: anyone using OpenBSD+PF and maybe CARP for corporate firewall use.
There was a commercial company selling OpenBSD PF configs and they might have some case studies on their site. (Not that I remember who it was) Ive used it in the past in front of things and it worked very well on sites up to a few thousand hits a day (under 10) and email traffic of about the same. Sorry I cant offer more info then that.
|
|
Al Gordon
60 posts
|
Topic: anyone using OpenBSD+PF and maybe CARP for corporate firewall use.
We’re pretty happy with that kind of setup at ISG. We don’t have nearly that many users behind our firewall, but have a fair number of websites, email, hosted application servers, etc. living back there, and have had no problems that I’m aware of.
|
|
Zamt
8 posts
|
Topic: anyone using OpenBSD+PF and maybe CARP for corporate firewall use.
A friend of mine is looking to show his boss a “case study” or at least a corporate example of someone using openBSD+PF and carp (optional) in a real world setting.
from this email: I personally know OpenBSD can do it, but my manager wants to see some case studies.
Our environment consists of 80 total users, about 25 remote, a Cisco Concentrator for VPN access in to our intranet, and out to a p2p VPN for Oracle access.
Other then that, we host DNS/FTP/SMTP for our company on some Linux b0xen.
Can anyone offer some advice. He’s going to sign up for the forums later… but I wanted to get a jump start on this topic…
I know a few people have given talks @ SCOSUG in the past… I just can’t remember who.. or where they worked.
|
