Thread: Recommend Firewall Solution?
-
06-27-2005, 08:21 PM #1 Web Hosting Master
- Join Date
- Mar 2003
- Location
- Duluth MN
- Posts
- 3,863
Recommend Firewall Solution?
I'm doing some research to replace my existing firewall solution (home grown FreeBSD box using IPF in transparent bridged mode)
I'm looking at the following solutions:
Watchguard Firebox X500 : http://www.watchguard.com/products/x500.asp
Sonicwall Pro 2040 : http://www.sonicwall.com/products/pro2040.html
Or a homegrown setup with a 1U chassis running one of the following:
Smoothwall: www.smoothwall.org
IPCop: www.ipcop.org
My current setup and needs are as such:
{Internet} -> [Firewall] -> [Switch] -> (Servers)
I have about 8-9 servers that will sit behind the firewall, with 4-5 subnet/ip ranges. All of the IP's are on a vlan to my port in my rack. So any IP can be assigned to any server in my rack.
Any comments/suggestions?
-
06-27-2005, 10:38 PM #2 Disabled
- Join Date
- Dec 2004
- Posts
- 229
Not sure the smoothwall (Free) version will handle multiple RED (Internet) interface IP's out of the box, I know the paid for version does, but last I looked at it it didn't - needed a fair amount of tweaking if it's possible.
Your existing BSD box sounds like a winner - Installing ipcop or smoothwall just about does the same but with a nice gui.
If you don't need a gui - do you need to pay for software or use something that won't exactly do what you want out of the box?
IPcop can handle multiple IP's on its red interface. I have used ipcop for a similar setup - no problems but took a bit of config'ing to how I wanted it.
If you want absolute reliability and don't want to do much tinkering to get it working properly, get the paid version of smoothwall or buy an appliance with software already installed (You have support then and regular updates etc.) - depends on your admin requirements, budget and traffic requirements as to which one you get.
Last edited by DigitalN; 06-27-2005 at 10:42 PM.
-
06-27-2005, 10:45 PM #3 Web Hosting Master
- Join Date
- Aug 2002
- Location
- Atlanta, GA
- Posts
- 1,114
We run the WatchGuard X1000s. They have worked very well for us. No issues that I know of.
We have the new Cisco ASA 5500 coming in next week so I'll know about that soon.
We have an outside firm manage the firewalls for us so I can't give any details but they say they prefer the WatchGuard over most firewalls because of its ease of management.
SiteSouth
Atlanta, GA and Las Vegas, NV. Colocation
-
06-28-2005, 12:04 AM #4 WHT Addict
- Join Date
- Jul 2001
- Location
- Glasgow, Scotland
- Posts
- 130
I must throw in a very strong vote for m0n0wall here.
Despite the weird name, their firewall software solution can match most hardware firewalls in the high-end market if used on the proper hardware...
Then again, what is really a hardware firewall? No more than a custom server...
Try m0n0wall, and be amazed!
My development blog - (un)Interesting codesnippets and the occasional code-related rant!
-
06-28-2005, 12:36 AM #5 Web Hosting Master
- Join Date
- Mar 2003
- Location
- Duluth MN
- Posts
- 3,863
Well, the biggest requirement I have is that the firewall acts as a transparent bridge, rather than actually assigning ip's to the firewall.
-
06-28-2005, 10:38 AM #6 Junior Guru
- Join Date
- Sep 2004
- Location
- Chicago, IL
- Posts
- 214
I 2nd m0n0wall
-
12-06-2005, 05:37 PM #7 Newbie
- Join Date
- Dec 2005
- Posts
- 5
Argh! There goes 10 minutes of work, just because I posted URL's to firewalls in this reply. Okay, here goes again... just a bit shorter than my previous post:
I would love to use m0n0wall if it had any antivirus or antispam options. So far I have found 3 other (opensource) firewalls that do have these features built in.
Endian, RedWall and Smoothwall.
Does anyone have experience with these firewalls? If so, which one do you use or recommend?
-
12-06-2005, 08:50 PM #8 Junior Guru Wannabe
- Join Date
- Dec 2004
- Posts
- 45
Having used Smoothwall in a hosting environment, I wouldn't recommend it. We ran a few low-traffic sites behind a smoothwall for about 6 months and had very poor performance. Having since moved to OpenBSD, performance is like night and day. That, combined with the fact that we can set up 2 OpenBSD boxes in automatic-failover using Carp/pfsync, we wouldn't think about going back to Smoothwall.
-cameron
-
12-07-2005, 03:33 AM #9 Newbie
- Join Date
- Dec 2005
- Posts
- 5
Originally Posted by cameronsto
-
12-07-2005, 04:38 AM #10 Web Hosting Master
- Join Date
- Apr 2002
- Posts
- 1,162
Let us not forget my personal favorite, Netscreen.
*AlphaOmegaHosting.Com* - Hosting since 1998
Managed Dedicated Servers and VPS
Hosted Exchange 2010 Email Service
-
12-07-2005, 10:48 AM #11 Junior Guru Wannabe
- Join Date
- Dec 2004
- Posts
- 45
Originally Posted by FuryMedia
-cameron
-
12-07-2005, 10:53 AM #12 Newbie
- Join Date
- Dec 2005
- Posts
- 5
Too bad... I wouldn't mind paying for the right software, I just don't want a complete blackbox.
And since I'll host a lot of webservers behind the firewall I would hate to have to install antivirus and antispam solutions on each and every server.
-
12-08-2005, 07:18 AM #13 Newbie
- Join Date
- Dec 2005
- Posts
- 5
If all goes well I should receive a nice little 1U P4 server with 1Gb memory today, I'll install Endian to start with... see how that works, I'll keep you posted
-
12-08-2005, 07:27 AM #14 Junior Guru
- Join Date
- Aug 2004
- Location
- Sheffield, United Kingdom
- Posts
- 238
I've used WatchGuards in a number of non-hosting environments and they work great, support's really good too. But they are expensive, you get what you pay for.
█ Windows and Exchange Server Experts, UK and US Dedicated Exchange Servers.
█ MCSE Certified, Registered Microsoft Partner.
█ Exchange 2010, Server 2008 and IIS 7 Services now available!
█ www.windowsserv.com Email: mail@windowsserv.com
-
12-08-2005, 08:42 AM #15 Web Hosting Master
- Join Date
- Nov 2004
- Location
- Australia
- Posts
- 1,737
You might want to check out www.networkbox.com.au. They offer a complete service, with free admin for their boxes. And they're smart people too, who I've known a long time. If you want a solid solution that will keep you safe and that will scan everything, this is the way to go.
-
12-14-2005, 01:31 PM #16 WHT Addict
- Join Date
- Jan 2002
- Location
- Monterrey, Mexico
- Posts
- 172
We are using smoothwall corporate 4.0 with smooth host and at this time integrating smoothzap (antispam-antivirus), and it has worked well for 7 months.
-
12-14-2005, 02:07 PM #17 Newbie
- Join Date
- Dec 2005
- Posts
- 5
Originally Posted by carlosamador
Does the antivirus / antispam options work in a transparent bridge setup without having to add every domain to your firewall?
-
12-15-2005, 02:12 AM #18 Web Hosting Master
- Join Date
- Nov 2004
- Location
- Australia
- Posts
- 1,737
You get what you pay for ...