Wow. Thanks for all the suggestions, guys. I went to bed with a list of requirements and now I have a ton more options to research.
One thing, has anyone used Astaro? I was looking at their "security gateway 220" product last night and it looked like it fit my needs:
http://www.astaro.com/firewall_network_security/asg220
It doesn't have the failover, but everything else was there.
There were other emails in regard to "size of the company" and other stuff which I'll answer:
- there's about 30 people here now, and we plan to add about 10 more next year.
- our firewall has a default deny in and out. So we have to open up ports for access and internally we have our own DNS and email so those ports are closed.
- we don't proxy any services.
- I'm already a super busy admin/programmer so I kinda don't want to babysit this thing (which is bad considering it's a fundamental component of the network). In any case, I'd rather buy a product and keep it updated than have to build a home-grown type of solution.
Again, thanks for all your help.
--Ajay
Ajay Sharma wrote:
Hey,
The company I work for is in the market for a new firewall. Right now we're hosting all of our own stuff (on CentOS servers) behind an old Checkpoint firewall.
I think Checkpoint is overkill for our needs and very expensive, plus I don't like the "per-user" charges of some commercial solutions. What do you guys suggest that we upgrade to? Here are some of the features that I would like:
- decent gui, either web based or a local client
- usage graphs based on protocol. So if our tiny T1 is saturated, I want to be able to find out what's eating up the bandwidth
- VPN-friendly for a couple of road-warriors. There won't be any remote offices so no server-to-server setups, just remote clients.
- we have a DMZ and about 30 machines on the local network. Everyone has a "normal" IP address, meaning that no one is behind NAT. So it needs to handle this (which is pretty basic stuff)
- high-availability. So if I buy two machines, one can successfully die and the other take over.
- no per-user charges. If the company hires a dozen people next year, we shouldn't have to "upgrade" our license.
Right now we're looking at some open-source stuff like pfsense, m0n0wall, etc... But I'm totally open to an affordable commercial firewall appliance.
Thanks for your help.
--Ajay
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos