small ISP router/security box/Snort/Content filtering
I need to put a router/firewall in place at a teleport that I uplink from to the satellite I use to deliver BW to my small client base. Because we are planning on putting a WAN accelerator at the HUB, the teleport has told me that I need to install my own routing/firewall equipment, as the routing becomes a bit more involved with the WAN accelerator in my network and therefore troubleshooting becomes a problem for them. They say things stay much simpler if I have my own gear installed.
OK, so I am going ahead and am going to install my own router/firewall. They have told me a Cisco 5510 or 5520 ASA is appropriate. Not being a Cisco guy at all and NOT knowing the Cisco interface/OS, I have no allegiance to Cisco in any way.
So should I put in the Cisco box, or should I look at a Vyatta subscription-based box, or maybe even pfSense with a professional support contract from the company that makes pfSense?
I know you can't go wrong with Cisco gear, but it's a tad expensive and locks me in to the Cisco platform.
I might add I want to install a Snort box, and Vyatta has this onboard. I am also looking at a Scrutinizer server that can give lots of information from probes behind each satellite modem in the field about traffic flows, top talkers, etc., so that we can pinpoint abusers. I also want to filter traffic to individual sites to stop P2P/Facebook etc., as all our links are business links and 99% of our clients want that type of traffic blocked. I need to be able to do this on a site-by-site basis. Each site has its own public IP /30, so I am hoping we can filter each site separately, as not every site will need to be locked down to the same degree, depending on what each business owner/manager wants. All this is relevant to my original question because I need to make sure I can get all this working together.