JP Vossen on 1 Dec 2009 14:07:42 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Firewall/UTM recommendations?

> Date: Tue, 1 Dec 2009 08:36:41 -0500
> From: Mike Sheinberg <>
> Subject: [PLUG] Firewall/UTM recommendations?
> I'm looking for a firewall/UTM solution to replace my company's old PIX
> firewall and was hoping to get some advice from the group. In the past I've
> used Astaro's Security Gateway which proved to be a stable and feature-full
> device. The network parameters include about 10 users, hosting of an email
> server, and a T1 WAN link (soon to be 3Mb/s; up from 1.5Mb). Personally, I'd
> prefer something with a web GUI but if someone can convince me why I should
> really learn IOS or some other command line solution I'll definitely take it
> under consideration. The thing I liked about the Astaro products is that it
> will likely play nice with our Linux environment since it allowed for things
> like log forwarding, openVPN connections, and LDAP authentication.

I like M0n0wall (, which is FreeBSD-based, web-GUI, single XML 
file for the *entire* system/config (so trivial change control, backout, 
DR).  It's intended to be embedded, so it's small and tight, but it runs 
on a regular PC just fine.  Or you can run from a CD-ROM+floppy (or USB 
IIRC), which can be neat under some circumstances.

There is also pfSense (, which is based on M0n0wall but a 
philosophical fork in that it is not intended to be embedded and it 
intentionally includes "more stuff" on the box (incoming/outgoing load 
balancing, p0f, HA, and more).

Both are F/OSS and I think you can also get commercial/contracted 
support for them.

JP Vossen, CISSP            |:::======|
My Account, My Opinions     |=========|
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --