I saw that's not cheap, especially the Cisco.
Fortigate 1100E, ~$20000. Advanced filtering is extra.
40gbps firewall is not a trivial product, there isn't a cheap solution.
Thank you for advice. Will try the Arista, currently using cer 2024c-4x-rt, but hit the IP list limit. As I understood Arista has larger IP list possibilities, am I right?
If all you need to filter by is L4 and above stuff like IP/port (e.g. you don't need NAT), then a $200 ICX6610 fits that bill if you don't need a bunch of 40gbE ports, any of the ~$500 Aristas like the 7050qx-32s if you do, etc. (all used prices of course). With those requirements you'll have much better luck searching for an L3 switch instead of a firewall.
By IP list limit do you mean you ran out of TCAM? That CER will do full tables if I remember right, so it's going to have way more TCAM than those Aristas. How many ACL entries?
I saw that's not cheap, especially the Cisco.
Thank you for advice. Will try the Arista, currently using cer 2024c-4x-rt, but hit the IP list limit. As I understood Arista has larger IP list possibilities, am I right?
From Source: {10.0.0.0/8, 10.1.0.0/24, 10.2.0.0/24}
To Destination: {1.1.1.1/32, 2.2.2.2/32, 3.3.3.3/32}
On Port: {80, 443}
Deny

From Source: {10.0.0.0/8, 10.1.0.0/24, 10.2.0.0/24}
To Destination: {1.1.1.1/32}
On Port: {80, 443}
Deny

From Source: {10.0.0.0/8, 10.1.0.0/24, 10.2.0.0/24}
To Destination: {2.2.2.2/32}
On Port: {80, 443}
Deny

From Source: {10.0.0.0/8, 10.1.0.0/24, 10.2.0.0/24}
To Destination: {3.3.3.3/32}
On Port: {80, 443}
Deny
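
Added example, not part of the thread: a sketch that answers the "how many ACL entries?" question for the grouped rule above by expanding it into flat entries, before and after collapsing source prefixes that are already covered by `10.0.0.0/8`. It assumes one hardware entry per source/destination/port combination; actual TCAM consumption depends on the platform, and the function names are hypothetical.

```python
import ipaddress
from itertools import product

# The grouped rule as posted in the thread.
RULE = {
    "src": ["10.0.0.0/8", "10.1.0.0/24", "10.2.0.0/24"],
    "dst": ["1.1.1.1/32", "2.2.2.2/32", "3.3.3.3/32"],
    "ports": [80, 443],
    "action": "deny",
}


def collapse(prefixes):
    """Drop prefixes covered by a shorter one and merge adjacent ones."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def expand(rule, minimize=False):
    """Return one (action, src, dst, port) tuple per flat ACL entry.

    Assumption: every combination costs one entry in hardware.
    """
    src = collapse(rule["src"]) if minimize else rule["src"]
    dst = collapse(rule["dst"]) if minimize else rule["dst"]
    return [
        (rule["action"], s, d, p)
        for s, d, p in product(src, dst, rule["ports"])
    ]


if __name__ == "__main__":
    naive = expand(RULE)
    small = expand(RULE, minimize=True)
    print(f"{len(naive)} entries as written, {len(small)} after collapsing")
    for action, s, d, p in small:
        print(f"{action} {s} -> {d} port {p}")
```

Running the same expansion over a full exported rule set gives a total to compare against a platform's documented ACL scale before buying hardware.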