
firewall choices


mudddawg

IS-IT--Management
Feb 12, 2001
Looking at some different firewalls
Cisco Pix
Firewall-one
Checkpoint
Sidewinder

Could I get some viewpoints (rankings) and distinctive advantages of these. We are trying to determine which might be best to implement across our WAN and why.

Thanks
 
If you have the money to spare, go with a firewall called Gauntlet. I am running Gauntlet 6.0 on Solaris8 and have had no problems to date. The previous version 5.5 running on Solaris 2.6 was also a great release.

Like I said, have your pocketbook ready. Those guys at PGP don't like to charge lightly.

 
Or, you could always take the hardcore geek approach, and get one of the *BSDs, and learn how to recompile the kernel for ipfw or ipfilter support, and how to manipulate the related config files.

See for an intro. And
I wouldn't recommend the "home-grown" approach if you want to do something like content filtering, but if you need basic robust firewall security, with the ability to define a fairly sophisticated IP filtering ruleset, then this is not a bad approach. AND you will really learn about how internet security works. The downside is that it takes some serious reading. The upside is that once you learn it, you can deploy a BSD firewall fairly rapidly, especially if you build up your own libraries of standardized rulesets, and there are no licensing costs at all.

I am no Unix security guru, but I managed, without too much trouble, to recompile FreeBSD with ipfw on a modest piece of used hardware, and set it up as my home DSL gateway. Thus I can breathe a lot easier when my wife is online with Win98 or when I have to test out insecure settings on my main workstation, since they all have internal IPs and I can filter out any IP address (or group) to any port I want. The first time I did this, it took the better part of a day, but now I can pretty much have a basic firewall up and running in a couple of hours.

Beyond this, the BSDs are often where the TCP/IP security standards are set, so there is almost always support for the other sophisticated security systems. Here is a link for setting up IPsec on OpenBSD:
Just search and for articles related to firewalling and security and you will see what I mean. (HINT: quite often the commercial firewalls are running some slightly proprietized version of BSD, and using many of these protocols which are freely available)
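To make the "filter any internal IP to any port" gateway setup above concrete, here is an added example of a minimal ipfw ruleset for a FreeBSD DSL gateway (not the poster's own rules). The interface names `tun0`/`ed0` and the internal network `192.168.1.0/24` are assumptions; the script prints the rules by default so they can be reviewed before being loaded with `IPFW=/sbin/ipfw`.

```shell
#!/bin/sh
# Added example ipfw ruleset for a FreeBSD gateway with one internal LAN.
# All interface names and address ranges below are assumptions.
EXT_IF=${EXT_IF:-tun0}                 # assumed: DSL/PPP interface
INT_IF=${INT_IF:-ed0}                  # assumed: LAN interface
INT_NET=${INT_NET:-192.168.1.0/24}     # assumed: internal RFC 1918 range
# Default to echo so the generated rules can be reviewed first;
# set IPFW=/sbin/ipfw to actually load them.
IPFW=${IPFW:-echo}

build_ruleset() {
    $IPFW -f flush
    # Loopback traffic is always allowed.
    $IPFW add 100 allow ip from any to any via lo0
    # Anti-spoofing: nothing claiming an internal or private source
    # address may arrive on the external interface.
    $IPFW add 200 deny ip from "$INT_NET" to any in via "$EXT_IF"
    $IPFW add 210 deny ip from 10.0.0.0/8 to any in via "$EXT_IF"
    $IPFW add 220 deny ip from 172.16.0.0/12 to any in via "$EXT_IF"
    # Packets belonging to already established TCP connections pass.
    $IPFW add 300 allow tcp from any to any established
    # Internal hosts may open new outbound TCP connections (SYN only).
    $IPFW add 400 allow tcp from "$INT_NET" to any setup
    # Classic ipfw has no UDP state, so allow DNS queries and replies
    # explicitly for the internal hosts.
    $IPFW add 500 allow udp from "$INT_NET" to any 53
    $IPFW add 510 allow udp from any 53 to "$INT_NET"
    # Keep ping and path-MTU discovery working: echo reply, unreachable,
    # echo request, time exceeded.
    $IPFW add 600 allow icmp from any to any icmptypes 0,3,8,11
    # No new inbound TCP connections from the outside; log attempts.
    $IPFW add 700 deny log tcp from any to any in via "$EXT_IF" setup
    # Everything not matched above is dropped and logged.
    $IPFW add 65000 deny log ip from any to any
}

build_ruleset
```

Rule order matters: the anti-spoofing denies sit before the `established` allow, so a forged packet with an internal source and ACK set is dropped rather than treated as return traffic.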
 
Here's one for you, I'm currently using this easy to setup linux based firewall.
It really is easy to set up and depending on your bandwidth/user load requirement you install it on hardware suitable for the job.
My work network has 30 users on a leased line, I run smoothwall on a p100 with 32 mb ram and it flies.
At home for my 3 machines it runs just great on a 386 sx25 with 16mb ram.
You have to see it to believe just how much you get for your money.


There is an enterprise version due out in the next few days which will boast a whole bunch of new features too.

Don't take my word for it, try it yourself. I can't have sent that email, it says from Superuser.
 
I too am using Smoothwall on our network, and will have a Velociraptor 500 model hooked up pretty soon.

I'm planning on using the Smoothie to run a proxy.

I like Smoothwall, but I think it lacks a couple of features in their front end interface. I would love to see some kind of access control list (add user, allow, deny, etc), but alas I am not a programmer.

It's still a good firewall though.

J.R. Juiliano
Information Systems Specialist
Tri-City Emergency Medical Group
 
Check out the version due in a couple of weeks .. ACL et al inclusive :) I can't have sent that email, it says from Superuser.
 
There are several "firewalls" for Linux that run very sweetly on low end Pentiums. ipchains / ipfwadm is very robust if configured properly (as they all are).

I can't find the URL but there is a great site that has a sort of wizard to build your script for you - just key in the details and hit GO.

Personally I like Cisco and a Pix in a rack looks a lot nicer than a Pentium :)
 
Before you pick a firewall you need to answer the following questions:

Is the speed of throughput on my internet connection mission critical?
What am I actually protecting?
(Is it a service network or a straight hop onto your live net)

Different firewalls are good at different things. I personally love Raptor but then, I'm a user and my experience has not been in an environment where high throughput has been critical. Raptor tends to suck in this scenario. Checkpoint on the other hand works in a different manner and can rip along at light speed.

I would suggest you list your actual requirements including those mentioned above (include current spare capacity on your bandwidth, future growth predictions, direction of connections, type of apps used.....etc).

Then check the available literature (always compare vendor blurb with consumer opinion) for each of these points and award it a score. Your most mission critical feature should attract a higher weighted score.

With these totals expressed as a percentage you can get a fair idea of what is in and out of the running.

Then raid the piggy bank.....

B-)

Brian
 