Lowell Higley on 4 Jul 2017 07:18:50 -0700


Re: [PLUG] Firewall choices for a small software development business

This isn't open source but I found the solution to be pretty good. 

Unifi Security Gateway [Amazon] [Ubiquiti]

It has a firewall but has a lot of additional functionality when combined with the controller software (free).  I used to be an OpenWRT guy but found this to be a much better solution. I can manage all of my network hardware (as long as it is Unifi hardware) from a single interface, create VLANs, manage APs, guest LANs, upgrade hardware, etc.  I'm pretty pleased with it and the hardware is pretty reasonably priced.  They even have a mobile app where you can manage/monitor your network hardware. I've found the ecosystem to be reasonably priced.  $100 for the Security Gateway.

Ubiquiti, I believe, started out as a WISP hardware vendor and then expanded from there.  I've found most of their stuff to be excellent.  The only weakness is that the controller UI doesn't have all the capabilities you may want (say, an OpenVPN client), but you can ssh into the hardware and configure it that way.  The other downfall, imho, is that they only officially support Debian-based distros.  They do release a zip file (unsupported) that I use on Arch, and there is a community created/supported RPM for RH/CentOS.

Hint: You can join their beta program and get hardware at 50%.  I've bought a lot of hardware this way and never had a problem with any of it.  You have to stay on top of it because the beta hardware moves pretty fast.

On Mon, Jul 3, 2017 at 11:40 AM, K.S. Bhaskar <bhaskar@bhaskars.com> wrote:
A couple of weeks hence, our new software startup YottaDB LLC (yottadb.com) will move into new space in Malvern, and I need to set up Internet access. Both Comcast and Verizon are available on the building, and I haven't chosen one.

This e-mail is to solicit opinions about a firewall. I don't know what sort of firewall they provide by default with business Internet service (perhaps none?) but I suspect I will need to set up our own firewall as well. We are starting out with three developers, and will scale up over a year to perhaps a half dozen and at most a dozen. I don't anticipate hosting our web site locally, but I will need inbound access, for which I am currently thinking of ssh with port knocking, rather than VPN.

It seems to me there are three choices:
  • Buy a router (discussed on the list recently), or perhaps
    flash an existing router from OpenWRT 12.09 to a newer release.
  • Get a dedicated PC and:
    • run a specialized distro like IPFire or ClearOS; or
    • run a general distro like Debian Stable and a firewall like Shorewall.

Comments, suggestions, and recommendations welcome. Thanks in advance.

-- Bhaskar

Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
