Core router - firewall setup

I am curious what others are using for a firewall for their entire network.

We currently have an “outside” core router (Cisco 7206) connected to the world via fiber. For years (I inherited the network 4 years ago) that 7206 has been connected to an OpenBSD box serving as a firewall (and whatever else we needed to do) and from there to a Cisco 2948G-L3 (which is more like a distribution router) where we connect each physical segment (we currently have 4 segments going each direction off our main tower) and also connect colocation customer subnets, etc.

The REAL question is what are the implementations of core firewall that others are using for the main entry point in their network?

I am assuming that a “core firewall” is pretty standard for you guys too.

Input? Opinions?

Paul, PDMNet


Cisco extended access-lists. Works well for me. I always enjoyed watching the counters increment for the Windows File Sharing ports, denial of telnet and standard ping to guarded servers, etc.


What SonicWall model are you using for this and what is the size of your network and what is your pipe to the 'Net?


We have no network firewalls, only host firewalls on servers. (ZoneAlarm)

iptables, which runs on a diskless Debian machine.

He, “bart” (yes, from the Simpsons), serves as our core router/firewall for our entire customer network, intranet, management network, wireless network and any network in between. Well, except our colocation network.

A few 4-port Ethernet cards, Linux (Debian), RAM, and Mt. Dew… does a network good.

No firewall for customers. We have a Juniper Netscreen for our servers, and basic telnet, ssh, etc. access lists on all our L3 switches.