Re: [CentOS] [OT] Corporate Firewall

http://www.mikrotik.com They have a demo online you can check out. Read about it here. http://www.mikrotik.com/2index.html (left side of page)

The initial learning curve isn't to hard to get around, but once you understand it, its a breeze to work with. Took me a long weekend. Definately worth looking into

The rest inline........

Ajay Sharma wrote:

Hey,

The company I work for is in the market for a new firewall. Right now we're hosting all of our own stuff (on CentOS servers) behind an old checkpoint firewall.

I think Checkpoint is overkill for our needs and very expensive, plus I don't like the "per-user" charges of some commercial solutions. What do you guys suggest that we upgrade to? Here are some of the features that I would like:

1. decent gui, either web based or a local client

They have a great local client gui called winbox. Works under wine if you have linux stations.

2. usage graphs based on protocol. So if our tiny T1 is saturated, I

want to be able to find out what's eating up the bandwidth

They have graphing built in but for traffic on interfaces and queues. You can set up queues based on mangle rules with no limits and graph these as well. Otherwise they have a tool called torch, where you can view traffic in real time and use filters to find your bandwidth hog.

3. VPN-friendly for a couple of road-warriors. There won't be any

remote offices so no server-to-server setups, just remote clients.

Does ipsec PPTP and L2TP. Very easy to setup.

4. we have a DMZ and about 30 machines on the local network. Everyone

has a "normal" IP address, meaning that no one is behind NAT. So it needs to handle this (which is pretty basic stuff)

does that

5. high-availablity. So if I buy two machines, one can successfully

die and the other take over.

VRRP- Very redundant router protocol. Built in........

6. no per-user charges. If the company hires a dozen people next

year, we shouldn't have to "upgrade" our license.

And last but not least. Runs on any i386 based pc and the software costs $45-$65 a license which gives you a year of updates. Buy multiple year licenses and the price goes down. Renew prices are cheaper than new.

Right now we're looking at some open-source stuff like pfsense, m0n0wall, etc... But I'm totally open to an affordable commercial firewall appliance.

Thanks for you help.

--Ajay _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos