Mike Sheinberg on 2 Dec 2009 05:54:13 -0800


Re: [PLUG] Firewall/UTM recommendations?

Wow. Thanks for all the input everyone. Didn't realize there'd be so much variety in the UTM landscape... Looks like I got a lot of research to do :)

@Lee: This topic does sound like one that would be interesting for a group meeting. By the time one is rounded up I'll probably have purchased a solution but someone else could definitely benefit from this knowledge.


On Tue, Dec 1, 2009 at 5:07 PM, JP Vossen <jp@jpsdomain.org> wrote:
> Date: Tue, 1 Dec 2009 08:36:41 -0500
> From: Mike Sheinberg <m.sheiny@gmail.com>
> Subject: [PLUG] Firewall/UTM recommendations?
> I'm looking for a firewall/UTM solution to replace my company's old PIX
> firewall and was hoping to get some advice from the group. In the past I've
> used Astaro's Security Gateway which proved to be a stable and feature-full
> device. The network parameters include about 10 users, hosting of an email
> server, and a T1 WAN link (soon to be 3Mb/s; up from 1.5Mb). Personally, I'd
> prefer something with a web GUI but if someone can convince me why I should
> really learn IOS or some other command line solution I'll definitely take it
> under consideration. The thing I liked about the Astaro products is that it
> will likely play nice with our Linux environment since it allowed for things
> like log forwarding, OpenVPN connections, and LDAP authentication.

I like M0n0wall (m0n0.ch), which is FreeBSD-based, web-GUI, single XML
file for the *entire* system/config (so trivial change control, backout,
DR).  It's intended to be embedded, so it's small and tight, but it runs
on a regular PC just fine.  Or you can run from a CD-ROM+floppy (or USB
IIRC), which can be neat under some circumstances.

There is also pfSense (pfSense.org), which is based on M0n0wall but a
philosophical fork in that it is not intended to be embedded and it
intentionally includes "more stuff" on the box (incoming/outgoing load
balancing, p0f, HA, and more).

Both are F/OSS and I think you can also get commercial/contracted
support for them.

JP Vossen, CISSP            |:::======|      http://bashcookbook.com/
My Account, My Opinions     |=========|      http://www.jpsdomain.org/
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
