Our pricing is based on the equivalent daily effort of a single experienced engineer,
plus direct expenses when applicable.
We focus on clear, narrowly scoped engagements and do not pursue long-term,
open-ended projects. Most work is measured in days rather than months.
We do not apply markups on hardware, licensing, or third-party services.
Hardware procurement remains entirely with the client.
Prior to any contractual engagement, we are happy to discuss scope, feasibility,
and design considerations at no cost, in order to avoid critical misunderstandings
or unnecessary expenses.
Our goal is not to maximize billable hours, but to deliver practical, well-defined
designs that can be implemented efficiently and maintained sustainably.
Proposed Solution 1: Transparent Mode Deployment
***Observed behavior where probes generated by nmap are blocked
(this does not constitute an official penetration test).***
In a transparent mode deployment,
our solution can be integrated by simply connecting it outside your existing router,
especially in Wide Area Ethernet environments.
We focus exclusively on design and configuration.
Hardware procurement remains with the client;
however, prior to any contractual engagement,
we are happy to discuss suitable hardware options and deployment considerations,
including different WAN technologies, redundancy designs, and single-device failure handling,
at no cost.
Proposed Solution 2: Benefits of Building a Redundant Firewall Architecture Using VRRP Across Different Vendors
Disadvantages:
When firewalls from different vendors are configured in a VRRP-based redundant setup, user traffic cannot be preserved when a failure causes the active firewall to switch to the standby device. Existing sessions are terminated and must be re-established after failover.
Advantages:
However, in situations where a firewall vulnerability is disclosed and immediate action is required, this approach allows traffic to be switched—within 100 milliseconds after issuing a failover command—to a firewall from another vendor that is not affected by the vulnerability. This represents a design approach that has not existed in past firewall architectures.
Proposed Solution 3: Overlay-Based Satellite Internet
In this context, “overlay-based” refers to a logical network layer built on top of existing terrestrial or wired infrastructure, with satellite connectivity used as one of the underlying transports.
In this model, satellite connectivity is treated as an underlay component of a large-scale L2 network, enabling higher-layer overlays to operate independently of the underlying transport.
Due to licensing considerations, detailed implementation specifics are not included in this document. Additional technical insights will be published separately in a personal blog at a later stage.
Web conferencing applications suitable for Starlink connections
The system architecture is shown below.
The diagram also includes the equipment used for performance validation.
The validation results will be added after the New Year holiday period.
