Hi,

I've been looking at some software firewalls to protect a few of our servers, but wondered what software or solutions you guys recommend.

My needs are to protect upto 10 servers, using about 100 IP's.

I've looked at a couple of solutions so far, such as:
- FreeBSD with ipfw
- NetMax software
- Mason Firewall

Any suggestions would be great, let me know if I'm barking up the wrong tree :D

TIA, Matt.

Have you checked out Gnatbox yet? It's based on the BSD kernel (mostly FreeBSD stuff, I believe). From what I understand, they also contribute generously to the *BSD development effort. :)

http://www.gta.com/products/main-gbpro.php

www.gta.com for other products

Forums: http://www.gnatbox.com/cgi-bin/Ultimate.cgi

An openbsd box with packetfilter and bi-natted IP's would do it.

NetMAX is definitely going to be the easiest solution if you need VPN capabilities and buy their VPN suite. Have you ever installed VPN stuff on a regular Linux distro? Very time consuming. NetMAX is actually my choice for implementing a VPN solution.

Gnatbox's licensing for their VPN stuff is outrageous. You have to pay per client. Grr. About as greedy as microsoft.

If you just need a firewall, though... Use Linux and netfilter/iptables. Or the die hard security/bsd lovers will say use openbsd.

A lot of people I talk to actually already have a cisco router with IOS firewall, but don't use it because they don't know how. It has many advanced features and is a decent firewall.

I would never recommend something as expensive as check point firewall unless your security policy required it's advanced features. It's probably not needed for 10 Internet servers offering similar service from the same data center.

That's my very vague 2 cent recommendation.

Many Thanks for your help Guys, it's given me some things to look into.

Cheers, Matt.