Absolutely, it's not meant to be a networking platform.

JohannesTJ
Junior Member
7
04-01-2016, 04:45 AM
#1
But I can't resist—my role is network infrastructure/security. Amid the Jellyfish fryer and Office Upgrade tutorials, a few ideas popped into my mind. Office Upgrade 1: Network Border, pfSense. To start, I want to say pfSense is an excellent tool, one I rely on for a particular scenario. But it wouldn’t be the right choice for your enterprise setup. Not because it’s not strong, but because there’s a better match elsewhere.

a) The numbers don’t add up—IMIX only reaches about 60% of your uplink. For your high-volume flows, which are full-packet 1500-byte transfers, the hardware might struggle and performance could drop.

b) Out of the box, it’s mainly a Layer 3 and Layer 4 firewall. If you aim for L5-L7 capabilities, an x86-based solution will be challenging to implement. These IPS/IDS workloads are demanding and hard to manage. Still, with your internal asset load, it might be worth considering.

c) Remote Access: NGFWs offer solid SSL and IPsec VPN features. pfSense supports OpenVPN, though setup remains complex for both ends.

d) Visibility: You’ll need a dedicated analytics appliance—something like an ELK stack—for real-time network insight. This isn’t a simple task.

My top suggestion would be a Fortinet 1100E. Move to their Wi-Fi platform (the controller is built into the firewall), giving you unified management, enterprise 802.x support, and cloud analytics for full traffic visibility.

JuicyDiamond
Member
85
04-01-2016, 06:50 AM
#2
It varies. A video recommendation comes with an UpGrade request. I’ll handle the settings just for fun.

NoobtasticMC
Junior Member
6
04-01-2016, 02:50 PM
#3
Offers a unique look at networking topics rarely covered. Focuses on switching and routing concepts. Using pfSense as the primary gateway would attract a wide audience.

XxKripxDeMoNxX
Senior Member
536
04-01-2016, 04:46 PM
#4
You're welcome!

LolaLouie
Senior Member
742
04-02-2016, 06:40 AM
#5
Discussing third-party options, one vendor is evaluating possibilities for 48 fixed RJ45 ports supporting speeds from 10/100 to 10,000 Mbps, including four QSFP+ 40G ports. They’re also considering a 32-port QSFP+ switch for 12k ports. This setup could cover both server and office needs for around $25k (including optics and some networking gear). Running on a Trident3 chipset, Cumulus Linux might be a great fit. The main question seems to be about network MK.3 solutions for LTM devices, particularly if the Fryer is still available.