Hello!

We have a big company network and i am planing to set up a new default gateway ( ha ).

So my question:

Has anybody already such a system and how would that look like.

Actually I plan with SLES11 64bit DL380G6 cluster with bonding 8 nic`s with each 1Gbit uplink.

Any suggestions ?
How would i make it HA ? ( just googling HA cluster SLES...)

Thanks for any idea !

Personally, I went with ASTARO instead of rolling my own.

They pretty much automate or simplify everything I wanted to do in a firewall.

And it is open-source, so you can download and run without a license if you must. (Though that means running without support, security patches, etc.)

I have no problem with missing updates but i need more than 300 connectikns at a time.

ip-conntrack !

would that work with the open-sorce version of astaro?

I can only find a personel version not an open source version.

Do you have a link ?
Can you make a cluster of it?

I have not tried the ASTARO personal version: we use licensed ASTARO security appliances at work.

I have one with over 60 VPN connections alone, some of them with as many as 30 class C subnets per VPN. That is a LOT of traffic, and we have never had a problem.

We also run the PPTP VPN configuration, just for Network and System Administrators.

We did have two configured in a HA failover cluster (there is a how-to on the ASTARO web site: they make it easy) but we have broken that cluster to use the second for our Disaster Recovery site now.

I am not aware of any restrictions on the personal edition that would restrict this kind of usage, but (as I said) I have not tried.

If you must go the FREE and unsupported route, there are some gateway appliance Linux distributions out there worth looking into. Have you checked in DISTROWATCH for ideas?