06-24-2008, 03:24 PM
|
|
Junior Guru
|
|
Join Date: May 2008
Posts: 178
|
|
a good firewall
well i need to acquire a good firewall (price friendly) nothing too advanced just one that gets the job done (port/ip filtering, etc)
its for a small business, any ideas? i know that cisco stuff is some of the best available, but they are kinda expensive.
PS: dunno if this goes in this forum, if im wrong move the thread to the right forum
|
06-24-2008, 03:31 PM
|
|
Newbie
|
|
Join Date: Jun 2008
Location: NY
Posts: 17
|
|
how about a Cisco ASA 5505? (with the advanced license) runs about $1100 combined. the advanced license is needed for dmz creation, also uncreases number of concurrent connections from 10k to 25k.
HTH
|
06-24-2008, 05:58 PM
|
|
WHT Addict
|
|
Join Date: Mar 2008
Posts: 110
|
|
Quote:
Originally Posted by madpato
well i need to acquire a good firewall (price friendly) nothing too advanced just one that gets the job done (port/ip filtering, etc)
its for a small business, any ideas? i know that cisco stuff is some of the best available, but they are kinda expensive.
PS: dunno if this goes in this forum, if im wrong move the thread to the right forum
|
Just configure iptables, it's free!
|
06-24-2008, 06:29 PM
|
|
Web Hosting Master
|
|
Join Date: Oct 2002
Location: Vancouver, B.C.
Posts: 1,867
|
|
Check out pfsense, it's FreeBSD with PF and a user friendly web interface.
__________________
Han Hwei Woo, ASTUTE HOSTING AS54527 *Advanced and customized solutions for the savvy customer!*
Dedicated Hosting and CDN out of Vancouver, Seattle, LA, Toronto, NY, Miami, and (soon) London
We include CDN, anycast DNS, onboard KVMoIP, firewall, local and global load-balancing, and privatenet with all servers.
sales@astutehosting.com
|
06-24-2008, 06:35 PM
|
|
Junior Guru Wannabe
|
|
Join Date: Apr 2008
Posts: 85
|
|
thats how I do the firewall too....
Just configure iptables, it's free
Via webmin(makes it easy to configure) its called linux firewall in webmin....
|
06-24-2008, 07:58 PM
|
|
Newbie
|
|
Join Date: Mar 2007
Posts: 15
|
|
I second PFSense. It's stupidly flexible and capable.
|
06-24-2008, 09:02 PM
|
|
Web Host
|
|
Join Date: Jun 2002
Posts: 1,787
|
|
I'll third pfsense, and works nicely as a transparent bridge.
|
06-25-2008, 04:19 PM
|
|
Junior Guru
|
|
Join Date: May 2008
Posts: 178
|
|
i do have iptables, the deal is that i need a firewall for a server rack, so it must be hardware -.-
|
06-25-2008, 04:41 PM
|
|
Newbie
|
|
Join Date: May 2005
Posts: 25
|
|
You need a Netscreen SSG-5. They are very inexpensive, very solid, and very fast. Just my $.02 
|
06-25-2008, 06:16 PM
|
|
Web Hosting Master
|
|
Join Date: Feb 2008
Posts: 792
|
|
You could get a 1U server with two nics and make it dedicated as a Linux firewall (pfsense, or other distro)
|
06-25-2008, 06:19 PM
|
|
WHT Addict
|
|
Join Date: Feb 2008
Location: Murfreesboro, TN
Posts: 162
|
|
Quote:
Originally Posted by Red Squirrel
You could get a 1U server with two nics and make it dedicated as a Linux firewall (pfsense, or other distro)
|
This. I'm actually working on something very similar to this myself.
__________________
█ Chris Reed
█ Revogate Inc.
█ Revolutionizing Business Technology
█ Web Hosting, XenServer Virtualization, and IT Consulting
|
06-25-2008, 07:40 PM
|
|
Web Hosting Master
|
|
Join Date: Oct 2001
Location: USA
Posts: 1,020
|
|
If you attempt to turn a server into a firewall, you may want to consider redundancy due to possibility of HD crash, and so on. If your network is mission critical, I highly recommend to get a ready made, solid state firewall such as Netscreen, Sonicwall, Tipping Point or TopLayer.
If you want to handle DoS/DDoS, I recommend Gigabit interface. A lot of DoS/DDoS today can go as high as 400-500 or even 700Mbps. So, if your pipe to your provider is only 100Mbps, your firewall will only be effective to block less than 100Mbps attack.
Just a thought. 
__________________
Reyner Natahamidjaja | GIP Networks Inc
SSAE 16 SOC 1 Type II, PCI Compliant and 24/7 Dedicated Onsite Staff
Protecting Businesses Against Power Outage and Down Time
|
06-26-2008, 12:21 PM
|
|
Junior Guru
|
|
Join Date: May 2008
Posts: 178
|
|
Quote:
Originally Posted by rey
If you attempt to turn a server into a firewall, you may want to consider redundancy due to possibility of HD crash, and so on. If your network is mission critical, I highly recommend to get a ready made, solid state firewall such as Netscreen, Sonicwall, Tipping Point or TopLayer.
If you want to handle DoS/DDoS, I recommend Gigabit interface. A lot of DoS/DDoS today can go as high as 400-500 or even 700Mbps. So, if your pipe to your provider is only 100Mbps, your firewall will only be effective to block less than 100Mbps attack.
Just a thought. |
The idea of pfsense is really interesting but our servers ar "almost" mission critical so i need something i can rely on. Any specific model u could tell me about?
|
06-26-2008, 03:53 PM
|
|
Web Hosting Master
|
|
Join Date: Oct 2001
Location: USA
Posts: 1,020
|
|
I've seen this more and more in our datacenter (both our cabinet and cage customers use this):
http://www.sonicguard.com/PRO4060.asp
Everyone seems to be happy with Sonicwall. It has quite a few features and easy management GUI.
Hope this helps.
__________________
Reyner Natahamidjaja | GIP Networks Inc
SSAE 16 SOC 1 Type II, PCI Compliant and 24/7 Dedicated Onsite Staff
Protecting Businesses Against Power Outage and Down Time
|
06-26-2008, 04:16 PM
|
|
Web Hosting Guru
|
|
Join Date: Apr 2008
Location: United Kingdom
Posts: 338
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
 Linear Mode
|
| Postbit Selector |
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
|
| Login: |
|
|
| Advertisement: |
|
|
| Web Hosting News: |
|
|
|
