anyone have any good / bad experience with Palo Alto Networks firewalls? their appid is great the VM is decently performant, but not vSRX level (which has great performance and decent but increasing app identification abilities) the patching is never ending with PAN software. I personally never got used to the way it deals with subnets, network objects, interfaces, etc. but, things like BGP and OSPF end up working, with all the fixings, once you figure out what knobs to turn. the documentation is Useful(tm) in that regard I mean, I'd only not use an OpenBSD firewall if I needed the app ident stuff. otherwise it's just another packet filter with some routing daemons apparently the edgerouter lite works with openbsd i wonder what there is between that and a small PC yeah, the ERL is an octeon MIPS processor, and openbsd is somewhat actively developed on it. the downside is much of the ERL features are hardware accelerated, and that of course is a complete binary blob you'd get better performace/watt out of a recent atom C27xx or similar i didn't even realise that there was hw accel :) you might be right there then. the cool thing about stuff like erl is that they're physically tiny but yeah normal intel cpus and form factors are getting smaller. pyvpx: what is their App-ID? (i see it in the product briefs, but no explanation on what it is!) mercutio: yeah the actual hardware version of their firewalls are hw accelerated OK I rtfm'd... App-ID looks interesting... name is on the tin ;) fine grained application traffic identification google hangouts traffic versus google mail traffic. if you're into that sort of thing. vSRX has some similar features. not as finely grained last I looked at it a year+ ago plus it's an additional licensing fee for vSRX pan does it by default, but I think you need a subscription to some service to get regular (daily? weekly? i dont recall) updates. i.e., the thing that QUIC will break for good? ;-) well, most of the useful app id is based on subnets and cert information seems apu2 is better openbsd small hardware solution intel ethernet with amd cpu and 6watt power