Shared firewall solution for ISP


Jul 17, 2001
I work for a hosting company, and if anyone wants a firewall, we give them a dedicated firewall. Usually Cisco or Netscreen, and typically a low-end model: ASA5505/PIX501, 515 or Netscreen 5GT. While these firewalls might be rated for at least 100 Mbps, most of the clients are not even pushing that much traffic. At most 25% of the rating on the FW.

Going forward, I want to try to consolidate all these small individual firewalls into 1 or 2 larger units. To give a better understanding of how it's set up:

- Client VLANs (several hundred) exist on a pair of C4948g's with a mix of 2950Ts and 2960s hanging from them as access switches.
- The client FW hangs off one of the ports on the access switches with the client servers behind it. The FW is in transparent mode.

So in an ideal world, I'd like to be able to use this larger device to filter traffic for any VLAN that I want. So if a client wants a VLAN, hit a couple of buttons, and like magic, any traffic destined for this VLAN would be filtered (yes, I know it's not as easy as one single button). Any suggestions on how to set this up? What kind of FW will support this? Ideally, I'd like the device to do 1 gig line speed out of the box with some sort of upgrade path to 10Gb in the future, whether it's a software or hardware upgrade.

Thanks ahead of time!