
Buying old Cisco devices can be a pain to get the newest patched firmware.
Cisco will gate this behind subscriptions and maintenance contracts.

I'm not familiar with the Protectli kit, but it does look like decent hardware for a good price, with no software vendor lock-in.
I'd probably go the i7 core over the i3, and run several instances in a hypervisor, maybe up the RAM.

Good to know. I'm not a network guy but I dabble. Why run several instances?


Hypervisor on the metal vs running a network/firewall OS on metal (pf/opn/openwrt/etc):

  • isolate/compartmentalize functionality within a VM (e.g., run IDS and routing in a different instance context)
  • rip out and replace the core firewall / routing functionality (don't like pf, switch to opn VM, etc).
  • VM images are portable between devices + easier maintenance and upgrades

Disadvantages:

  • performance hit due to virtualization

Very helpful. Thanks.


I'd add that https://vyos.io/ is another open source alternative Firewall OS that implements the Cisco configuration language, if that's your thing.

I tend to prefer Linux firewalls over BSD based, but that's generally a preference in features over simplicity.

A hypervisor lets you try them all with minimal effort in swapping them out.


Is there a good alternative switch manufacturer besides Cisco that doesn't have these subscription / licensing issues but also can be found used on eBay?
