[CentOS] [OT] Corporate Firewall

Daniel Wright dw at wonderwave.net
Thu Nov 10 08:31:35 UTC 2005

http://www.mikrotik.com   They have a demo online you can check out.  
Read about it here. http://www.mikrotik.com/2index.html (left side of page)

The initial learning curve isn't to hard to get around, but once you 
understand it, its a breeze to work with.  Took me a long weekend.  
Definately worth looking into

The rest inline........

Ajay Sharma wrote:
> Hey,
> The company I work for is in the market for a new firewall.  Right now 
> we're hosting all of our own stuff (on CentOS servers) behind an old 
> checkpoint firewall.
> I think Checkpoint is overkill for our needs and very expensive, plus 
> I don't like the "per-user" charges of some commercial solutions.  
> What do you guys suggest that we upgrade to?  Here are some of the 
> features that I would like:
> 1) decent gui, either web based or a local client
They have a great local client gui called winbox.  Works under wine if 
you have linux stations.
> 2) usage graphs based on protocol.  So if our tiny T1 is saturated, I 
> want to be able to find out what's eating up the bandwidth
They have graphing built in but for traffic on interfaces and queues.  
You can set up queues based on mangle rules with no limits and graph 
these as well.  Otherwise they have a tool called torch, where you can 
view traffic in real time and use filters to find your bandwidth hog.
> 3) VPN-friendly for a couple of road-warriors.  There won't be any 
> remote offices so no server-to-server setups, just remote clients.
Does ipsec PPTP and L2TP. Very easy to setup.
> 4) we have a DMZ and about 30 machines on the local network.  Everyone 
> has a "normal" IP address, meaning that no one is behind NAT.  So it 
> needs to handle this (which is pretty basic stuff)
does that
> 5) high-availablity.  So if I buy two machines, one can successfully 
> die and the other take over.
VRRP- Very redundant router protocol.  Built in........
> 6) no per-user charges.  If the company hires a dozen people next 
> year, we shouldn't have to "upgrade" our license.
And last but not least.  Runs on any i386 based pc and the software 
costs $45-$65 a license which gives you a year of updates. Buy multiple 
year licenses and the price goes down.
Renew prices are cheaper than new.
> Right now we're looking at some open-source stuff like pfsense, 
> m0n0wall, etc...  But I'm totally open to an affordable commercial 
> firewall appliance.
> Thanks for you help.
> --Ajay
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

More information about the CentOS mailing list