The MPLS-OPS Archive[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index][Thread Index][Author Index][Subject Index] RE: Which FW for MPLS VPN?
Hi, The cisco fwsm (pix blade for cat6500) has support for virtual firewalls with all the required features for such a service. However it's pricing is very high and the any virtual fw makes it higher. I've tested the check-point platform (they call it vsx) about 18 months ago and it was a nightmare to manage and also required their provider-1 management system which adds significant cost. About the netscreen - I heard very good impressions about it, but I didn't try it myself (yet). Regards Amos -----Original Message----- From: Roy-Magne Mo [mailto:rmo@sunnmore.net] Sent: Sunday, January 30, 2005 2:48 AM To: mpls-ops@mplsrc.com Subject: Re: [MPLS-OPS]: Which FW for MPLS VPN? On Sat, Jan 29, 2005 at 10:09:05PM +0100, Garry Glendown wrote: > As Cisco doesn't seem to have a suitable firewall IOS for their PIX any > time soon, and the Lucent Brick we picked up doesn't seem to be anywhere > close to usable, what Firewall are you folks using to connect multiple > MPLS VPNs to the Internet? As Steinar mentioned the Netscreen, support virtual systems and also supports BGP, OSPF and RIP - so it's easily integrated into a typical RFC 2547bis setup. We also do use Juniper M-series with the AS-PIC, this means a very tight integration with the L3VPN and a relatively nice price per L3VPN. This solution will need a provisiong system. I believe that Checkpoint FW-1 also has a version with support for virtual systems. -- Roy-Magne Mo ------- The MPLS-OPS Mailing List Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml Archive: http://www.mplsrc.com/mpls-ops_archive.shtml ------- The MPLS-OPS Mailing List Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml Archive: http://www.mplsrc.com/mpls-ops_archive.shtml |
|