Lee Marzke on 1 Aug 2006 19:29:37 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Firewall appliance; dig

I've been using Endian FW 1.1rc8 for about 6 months now. Has Qos features for
VOIP. Also has a working OpenVPN solution with free Windows
clients. Requires a PC with 2 or more NIC's depending on weather you need
a separate DMZ or WiFi zone.

If SonicWall doesn't do SMTP and POP3 filtering with SpamAssassin then
this may be a benefit of using Endian.   Also Endian supports transparent
proxying -  so you don't have to run around and enter proxy settings on
every Windows browser,  Endian rewrites the packets on-the-fly to goto
the Proxy.

The 2.0 version just came out recently,  but I haven't tried it yet.

The trade-off with this verses SonicWall, etc. are

1. The appliance will likely be more reliable in the long run.   The default
   is EFW running on a single non-RAID disk.
2. The appliance uses less power than a whole PC.  Much smaller footprint.
3. EFW upgrades currently require a local full OS re-install.

In contrast, EFW likely has more features, like built in bandwidth monitoring
etc. I install EFW in small NetVista Flex-ATX cases ( not much bigger than
a phone book) which offsets the size and power somewhat.

EFW has a hardware based appliance in development which may be the best
option for commercial use as they will likely run it off of RAID and possibly
have redundant power supplies.

Lee Marzke     <lmarzke@4aero.com>



Carl Husa wrote: 
Two separate questions.

1.  I have been asked to set up system in a physician's office - a small start up solo practice, with tight resources.  The medical practice software has already been selected, and will run on MS Windows.  Givent hat users will be accessing the site remotely through teh internet, and the importance of HIPAA and private health information, I want to set up a firewall appliance.  I've looked at Sonicwall and Trustix, butwould like more options if available.  I'd like opinions on appropriate devices for an appliance budget of around $1000, and on recommendations you might have on application firewalls that might be appropriate for the small office.  Of course, I'm looking at running Linux.  Additionally, any opinions on what other "stuff" I might want to be looking for would be a great help.

2.  Separately, I'm trying to get "dig,(BIND 9.3.2 " the alternative to nslookup, to run on an XP box.  Followed the excellent instructions at http://pigtail.net/LRP/dig/, but keep getting an error message that a nameserver cannot be found.  The corresponding nslookup command works just fine.  Does the resolv.conf file have a special format for dig?

Thanks

Carl

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

begin:vcard
fn:Lee Marzke
n:Marzke;Lee
email;internet:lee@marzke.net
tel;work:800 393 5217
tel;home:610 454 9354
version:2.1
end:vcard


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug