  1. #1
    Join Date
    Mar 2003
    Location
    Duluth MN
    Posts
    3,863

    Recommend Firewall Solution?

    I'm doing some research to replace my existing firewall solution (home grown FreeBSD box using IPF in transparent bridged mode).

    I'm looking at the following solutions:

    Watchguard Firebox X500 : http://www.watchguard.com/products/x500.asp
    Sonicwall Pro 2040 : http://www.sonicwall.com/products/pro2040.html

    Or a homegrown setup with a 1U chassis running one of the following:
    Smoothwall: www.smoothwall.org
    IPCop: www.ipcop.org


    My current setup and needs are as such:

    {Internet} -> [Firewall] -> [Switch] -> (Servers)

    I have about 8-9 servers that will sit behind the firewall, with 4-5 subnet/ip ranges. All of the IP's are on a vlan to my port in my rack. So any IP can be assigned to any server in my rack.


    Any comments/suggestions?

  2. #2
    Not sure the smoothwall (Free) version will handle multiple RED (Internet) interface IP's out of the box, I know the paid for version does, but last I looked at it it didn't - needed a fair amount of tweaking if it's possible.

    Your existing BSD box sounds like a winner - Installing ipcop or smoothwall just about does the same but with a nice gui.
    If you don't need a gui - do you need to pay for software or use something that won't exactly do what you want out of the box?

    IPcop can handle multiple IPs on its red interface. I have used ipcop for a similar setup - no problems but took a bit of config'ing to how I wanted it.

    If you want absolute reliability and don't want to do much tinkering to get it working properly, get the paid version of smoothwall or buy an appliance with software already installed (You have support then and regular updates etc)- depends on your admin requirements, budget and traffic requirements as to which one you get.
    Last edited by DigitalN; 06-27-2005 at 10:42 PM.

  3. #3
    Join Date
    Aug 2002
    Location
    Atlanta, GA
    Posts
    1,114
    We run the WatchGuard X1000s. They have worked very well for us. No issues that I know of.

    We have the new Cisco ASA 5500 coming in next week so I'll know about that soon.

    We have an outside firm manage the firewalls for us so I can't give any details but they say they prefer the WatchGuard over most firewalls because of its ease of management.
    SiteSouth
    Atlanta, GA and Las Vegas, NV. Colocation

  4. #4
    Join Date
    Jul 2001
    Location
    Glasgow, Scotland
    Posts
    130
    I must throw in a very strong vote for m0n0wall here.
    Despite the weird name, their firewall software solution can match most hardware firewalls in the high-end market if used on the proper hardware...
    Then again, what is really a hardware firewall? No more than a custom server...

    Try m0n0wall, and be amazed!
    My development blog - (un)Interesting codesnippets and the occasional code-related rant!

  5. #5
    Join Date
    Mar 2003
    Location
    Duluth MN
    Posts
    3,863
    Well, the biggest requirement I have is that the firewall acts as a transparent bridge, rather than actually assigning ip's to the firewall.

  6. #6
    Join Date
    Sep 2004
    Location
    Chicago, IL
    Posts
    214
    I 2nd m0n0wall
    Ben Lenard, MS, MBA
    TechMinds 4 Hire, Inc - (866) 214-1285 x 2001
    http://www.tm4h.com

  7. #7
    Argh! There goes 10 minutes of work, just because I posted URL's to firewalls in this reply. Okay, here goes again... just a bit shorter than my previous post:

    I would love to use m0n0wall if it had any antivirus or antispam options. So far I have found 3 other (opensource) firewalls that do have these features built in.

    Endian, RedWall and Smoothwall.

    Does anyone have experience with these firewalls? If so, which one do you use or recommend?

  8. #8
    Join Date
    Dec 2004
    Posts
    45
    Having used Smoothwall in a hosting environment, I wouldn't recommend it. We ran a few low-traffic sites behind a smoothwall for about 6 months and had very poor performance. Having since moved to OpenBSD, performance is like night and day. That, combined with the fact that we can set up 2 OpenBSD boxes in automatic-failover using Carp/pfsync, we wouldn't think about going back to Smoothwall.

    -cameron

  9. #9
    Quote Originally Posted by cameronsto
    . Having since moved to OpenBSD, performance is like night and day. That, combined with the fact that we can setup 2 OpenBSD boxes in automatic-failover using Carp/pfsync we wouldn't think about going back to Smoothwall.
    Thanks for the info! Is there an OpenBSD solution that filters viruses and spam?

  10. #10
    Let us not forget my personal favorite, Netscreen.
    *AlphaOmegaHosting.Com* - Hosting since 1998
    Managed Dedicated Servers and VPS
    Hosted Exchange 2010 Email Service

  11. #11
    Join Date
    Dec 2004
    Posts
    45
    Quote Originally Posted by FuryMedia
    Thanks for the info! Is there an OpenBSD solution that filters viruses and spam?
    As far as I know, there is not, but as a standalone firewall device it can't be beat.

    -cameron

  12. #12
    Too bad... I wouldn't mind paying for the right software, I just don't want a complete blackbox.

    And since I'll host a lot of webservers behind the firewall I would hate to have to install antivirus and antispam solutions on each and every server.

  13. #13
    If all goes well I should receive a nice little 1U P4 server with 1Gb memory today. I'll install Endian to start with... see how that works, I'll keep you posted.

  14. #14
    Join Date
    Aug 2004
    Location
    Sheffield, United Kingdom
    Posts
    238
    I've used WatchGuards in a number of non-hosting environments and they work great, support's really good too. But they are expensive, you get what you pay for.
    █ Windows and Exchange Server Experts, UK and US Dedicated Exchange Servers.
    MCSE Certified, Registered Microsoft Partner.
    █ Exchange 2010, Server 2008 and IIS 7 Services now available!
    www.windowsserv.com Email: mail@windowsserv.com

  15. #15
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,737
    You might want to check out www.networkbox.com.au. They offer a complete service, with free admin for their boxes. And they're smart people too, who I've known a long time. If you want a solid solution that will keep you safe and that will scan everything, this is the way to go.

  16. #16
    Join Date
    Jan 2002
    Location
    Monterrey, Mexico
    Posts
    172
    We are using smoothwall corporate 4.0 with smooth host and at this time integrating smoothzap (antispam-antivirus), and it has worked well for 7 months.

  17. #17
    Quote Originally Posted by carlosamador
    We are using smoothwall corporate 4.0 with smooth host and at this time integrating smoothzap (antispam-antivirus), and it has worked well for 7 months.
    Does smoothwall work as a "transparent bridge"?

    Does the antivirus / antispam options work in a transparent bridge setup without having to add every domain to your firewall?

  18. #18
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,737
    You get what you pay for ...
    I forgot to say, the www.network-box.com.au solution I mentioned above comes with a year's free admin, done by knowledgeable guys. When looking at solutions, don't forget to figure in the admin costs, with the wrong firewall they could be quite high! Cheap ain't always cheap.
