
pfsense deployment on UCS-E

philip moore
Level 1

Dear Community

A client has an existing WAN solution based on FlexVPN with DIA secured by ZBFW. We wish to migrate this to the Enterprise standard IWAN, which follows the latest CVD.

ZBFW to secure tunnel transports (global) is not described in the IWAN prescriptive design and, from an operational perspective, is somewhat of a nightmare to manage (complicated config, too many hands on the router CLI, etc.). Therefore we're looking for a way forward with this to offload ZBFW to an external appliance. The customer did not have budget for our current standard (Check Point), so we're looking at free alternatives hosted on UCS-E.

Key constraint is that each customer branch is a very light deployment, with all features and services collapsed into a single ISR G2 2951 router. The router has a UCS-E140S-M1/K9, which currently has 2 VMs running on it (vWAAS & Windows server). The client has a spare ISR 4321 which is available for a future upgrade; sadly, they didn't buy a UCS-E for this.

 

Looking for advice or a design template for deployment of a perimeter (Internet-facing) firewall hosted on UCS-E.

 

A potential candidate for the firewall is pfSense, but also considering netfilter/iptables on Red Hat, ClearOS and IPFire.

 

I read this page, but it is quite complicated: https://www.cisco.com/c/en/us/products/collateral/servers-unified-computing/ucs-e-series-servers/white-paper-c11-739289.html

 

Thanks in advance for your support and interest

 

Phil

Any advice appreciated 

 
