SoftLayer hardware firewall is awful

I’ve been having a problem lately with people hitting my server more than I’d like. I’ve been using iptables to drop requests from these IPs, but I wanted something that took the load completely off of my server, and could be bypassed in case I put in a bad rule that locked me out. So I decided to try the SoftLayer hardware firewall.

This feature is expensive: $49 per month for a 10Mbps hardware firewall. That is a lot, but I figured it would be worth it to have the added protection for my server. Sadly, I was wrong. The interface to manage the firewall is garbage.

It shows a basic form listing all the firewall rules. You select the rule priority by numbering the rules 1 through however many rules you have. There is, however, no way to add a new rule to the top of the list (or the middle of the list) unless you re-number every single rule. If you have 20 rules, this can be tedious. If you have 100 rules, this can be extremely frustrating. Even worse, if you make a mistake and have a duplicate priority number then the page refreshes with all the rules set to a priority of “1″. So now you have to start all over.

Unlike iptables, there is very little help available for the firewall. SoftLayer provides a handful of knowledge base articles, but none of them include screenshots or advanced examples.

Within a few hours of using the service, I realized that it wasn’t going to work out and I’d be better off with iptables. I started a chat with the billing department, and was told they’d create a ticket to review crediting me for the service, and then they gave me instructions on how to cancel. I followed the instructions and the service was promptly removed from my server.

Sadly, I was informed that the terms of service prevented them from giving me a refund, and they said that the billing department only said they’d look into crediting me for the service, not that they actually would. How deceptive! Do they really expect me to believe that their own billing department doesn’t know what they claim is the standard SoftLayer refund policy? I likely still would have canceled the service, but I feel pretty ripped off having used the service for just a few hours, experiencing several issues with it, being told (from my perspective) that I’d get a refund, and then being stuck with the bill for a full month of service. Egh.

Overall, SoftLayer is awesome. Quality servers at great prices. In this situation though, complete fail. The firewall is garbage and they handled the situation very poorly. I’m not disappointed enough to start immediately hunting for a new host, but I’ll definitely be considering other options for my future server needs.

3 comments

  1. That stinks. Have you tried Amazon EC2? We use a pre-made LAMP ami called Bitnami. We have 4? servers there right now.

    • Definitely something I need to look into. Looks like prices have dropped pretty significantly since the last time I priced it out. I’d be saving maybe $500/year if I switched and paid a year up-front.

      My stuff is pretty heavy, so I’d probably need to go with an extra large high-cpu instance, and since I run 24/7, it’d be cheaper to reserve it once I’m positive what size I want. Have you run into any “gotchas” while using the service? Has it been fairly reliable/fast for you?

      • Actually I mis-read the price I was being quoted. Reserved instances have both a monthly fee and an upfront fee. Crazy. So EC2 would be significantly more expensive for me.

        I’m currently running 2 x Xeon 5620 quadcore 2.4GHz CPUs (so 8 physical cores + 8 virtual cores = 16 cores). These are 2010 chips, and an Amazon ECU is roughly equivalent to a 2007 1.0GHz core, so I’m assuming I’d need a heck of a lot of ECUs to equal the computing power I currently have. I also have 12GB of RAM, and normally use about 6GB but spike up to 10-11GB while doing heavy DB stuff. I have two mirrored 90GB SSDs so IO is nice and fast. If I’m reading things right, a 24/7 high-cpu extra large with my current bandwidth usage would work out to the equivalent of about $50 more per month than I’m currently paying.

        But maybe I’m reading this all wrong.. The pricing just seems so high.. Even a reserved 24/7 medium w/ 100GB of outbound data works out to around $70/month. I have a beefier VPS that I’m only paying $7/month with no long term commitments.

        And I just found this which says performance sucks compared to dedicated servers: http://blog.carlmercier.com/2012/01/05/ec2-is-basically-one-big-ripoff/

        I think EC2 might be awesome for dev instances but it just doesn’t seem economical compared to dedicated or even VPS servers..

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>