[CentOS] [OT] Corporate Firewall

Ajay Sharma ssharma at revsharecorp.com
Thu Nov 10 17:56:10 UTC 2005


Wow.  Thanks for all the suggestions guys.  I went to bed with a list of 
requirements and now I have a ton more options to research.

One thing, has anyone used Astaro?  I was looking at their "security 
gateway 220" product last night and it looked like it fit my needs:

http://www.astaro.com/firewall_network_security/asg220

It doesn't have the failover, but everything else was there.

There were other emails in regard to "size of the company" and other 
stuff which I'll answer:

  - there's about 30 people here now, and we plan to add about 10 more 
next year.

  - our firewall has a default deny in and out.  So we have to open up 
ports for access and internally we have our own DNS and email so those 
ports are closed.

  - we don't proxy any services.

  - I'm already a super busy admin/programmer so I kinda don't want to 
babysit this thing (which is bad considering it's a fundamental 
component of the network).  In any case, I'd rather buy a product and 
keep it updated than have to build a home-grown type of solution.

Again, thanks for all your help.

--Ajay

Ajay Sharma wrote:
> Hey,
> 
> The company I work for is in the market for a new firewall.  Right now 
> we're hosting all of our own stuff (on CentOS servers) behind an old 
> Checkpoint firewall.
> 
> I think Checkpoint is overkill for our needs and very expensive, plus I 
> don't like the "per-user" charges of some commercial solutions.  What do 
> you guys suggest that we upgrade to?  Here are some of the features that 
> I would like:
> 
> 1) decent gui, either web based or a local client
> 
> 2) usage graphs based on protocol.  So if our tiny T1 is saturated, I 
> want to be able to find out what's eating up the bandwidth
> 
> 3) VPN-friendly for a couple of road-warriors.  There won't be any 
> remote offices so no server-to-server setups, just remote clients.
> 
> 4) we have a DMZ and about 30 machines on the local network.  Everyone 
> has a "normal" IP address, meaning that no one is behind NAT.  So it 
> needs to handle this (which is pretty basic stuff)
> 
> 5) high-availability.  So if I buy two machines, one can successfully die 
> and the other take over.
> 
> 6) no per-user charges.  If the company hires a dozen people next year, 
> we shouldn't have to "upgrade" our license.
> 
> Right now we're looking at some open-source stuff like pfsense, 
> m0n0wall, etc...  But I'm totally open to an affordable commercial 
> firewall appliance.
> 
> Thanks for your help.
> 
> --Ajay