[CentOS] [OT] Corporate Firewall

William Warren hescominsoon at emmanuelcomputerconsulting.com
Thu Nov 10 19:16:07 UTC 2005


You can add failover via which license you buy with it..:)

Ajay Sharma wrote:
> 
> Wow.  Thanks for all the suggestions guys.  I went to bed with a list of 
> requirements and now I have a ton more options to research.
> 
> One thing, has anyone used Astaro?  I was looking at their "security 
> gateway 220" product last night and it looked like it fit my needs:
> 
> http://www.astaro.com/firewall_network_security/asg220
> 
> It doesn't have the failover, but everything else was there.
> 
> There were other emails in regard to "size of the company" and other 
> stuff which I'll answer:
> 
>  - there's about 30 people here now, and we plan to add about 10 more 
> next year.
> 
>  - our firewall has a default deny in and out.  So we have to open up 
> ports for access and internally we have our own DNS and email so those 
> ports are closed.
> 
>  - we don't proxy any services.
> 
>  - I'm already a super busy admin/programmer so I kinda don't want to 
> babysit this thing (which is bad considering it's a fundamental 
> component of the network).  In any case, I'd rather buy a product and 
> keep it updated than have to build a home-grown type of solution.
> 
> Again, thanks for all your help.
> 
> --Ajay
> 
> Ajay Sharma wrote:
> 
>> Hey,
>>
>> The company I work for is in the market for a new firewall.  Right now 
>> we're hosting all of our own stuff (on CentOS servers) behind an old 
>> Checkpoint firewall.
>>
>> I think Checkpoint is overkill for our needs and very expensive, plus 
>> I don't like the "per-user" charges of some commercial solutions.  
>> What do you guys suggest that we upgrade to?  Here are some of the 
>> features that I would like:
>>
>> 1) decent gui, either web based or a local client
>>
>> 2) usage graphs based on protocol.  So if our tiny T1 is saturated, I 
>> want to be able to find out what's eating up the bandwidth
>>
>> 3) VPN-friendly for a couple of road-warriors.  There won't be any 
>> remote offices so no server-to-server setups, just remote clients.
>>
>> 4) we have a DMZ and about 30 machines on the local network.  Everyone 
>> has a "normal" IP address, meaning that no one is behind NAT.  So it 
>> needs to handle this (which is pretty basic stuff)
>>
>> 5) high-availability.  So if I buy two machines, one can successfully 
>> die and the other take over.
>>
>> 6) no per-user charges.  If the company hires a dozen people next 
>> year, we shouldn't have to "upgrade" our license.
>>
>> Right now we're looking at some open-source stuff like pfsense, 
>> m0n0wall, etc...  But I'm totally open to an affordable commercial 
>> firewall appliance.
>>
>> Thanks for your help.
>>
>> --Ajay
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
> 

-- 
My "Foundation" verse:
Isa 54:17  No weapon that is formed against thee shall prosper; and 
every tongue that shall rise against thee in judgment thou shalt 
condemn. This is the heritage of the servants of the LORD, and their 
righteousness is of me, saith the LORD.

-- carpe ductum -- "Grab the tape"
CDTT (Certified Duct Tape Technician)

Linux user #322099
Machines:
206822
256638
276825
http://counter.li.org/


