Looking at some different firewalls
Cisco Pix
Firewall-one
Checkpoint
Sidewinder
Could I get some viewpoints (rankings) on, and the distinctive advantages of, each of these? We are trying to determine which might be best to implement across our WAN, and why.
If you have the money to spare, go with a firewall called Gauntlet. I am running Gauntlet 6.0 on Solaris 8 and have had no problems to date. The previous version, 5.5 running on Solaris 2.6, was also a great release.
Like I said, have your pocketbook ready. Those guys at PGP don't like to charge lightly.
Or, you could always take the hardcore geek approach, get one of the *BSDs, and learn how to recompile the kernel for ipfw or ipfilter support and how to manipulate the related config files.
I wouldn't recommend the "home-grown" approach if you want to do something like content filtering, but if you need basic, robust firewall security with the ability to define a fairly sophisticated IP filtering ruleset, then this is not a bad approach. AND you will really learn about how Internet security works. The downside is that it takes some serious reading. The upside is that once you learn it, you can deploy a BSD firewall fairly rapidly, especially if you build up your own libraries of standardized rulesets, and there are no licensing costs at all.
I am no Unix security guru, but I managed, without too much trouble, to recompile FreeBSD with ipfw on a modest piece of used hardware and set it up as my home DSL gateway. Thus I can breathe a lot easier when my wife is online with Win98 or when I have to test out insecure settings on my main workstation, since they all have internal IPs and I can filter out any IP address (or group) to any port I want. The first time I did this, it took the better part of a day, but now I can pretty much have a basic firewall up and running in a couple of hours.
Beyond this, the BSDs are often where the TCP/IP security standards are set, so there is almost always support for the other sophisticated security systems. Here is a link for setting up IPsec on OpenBSD:
for articles related to firewalling and security, and you will see what I mean. (HINT: quite often the commercial firewalls are running some slightly proprietary version of BSD, and using many of these protocols, which are freely available.)
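A worked ruleset for the FreeBSD/ipfw DSL gateway described in the post above, as an added example that is not part of the original thread. It assumes hypothetical interface names (xl0 outside, fxp0 inside), the internal network 192.168.1.0/24, and one internal host, 192.168.1.10, that must be cut off from the Internet (the "test out insecure settings" box). NAT (a natd divert rule) is deliberately left out. Setting DRYRUN=1 prints the ipfw commands instead of loading them, so the ruleset can be reviewed before it is applied on a box whose kernel defaults to deny-all.

```shell
#!/bin/sh
# Stateful ipfw ruleset for a small FreeBSD gateway (added example, not from the thread).
# All names below are assumptions: adjust interfaces, networks and hosts to your site.
OIF="${OIF:-xl0}"                        # outside (DSL) interface
IIF="${IIF:-fxp0}"                       # inside LAN interface
INNET="${INNET:-192.168.1.0/24}"         # internal network
BLOCKED_HOST="${BLOCKED_HOST:-192.168.1.10}"   # internal box that may not reach the Internet
DRYRUN="${DRYRUN:-0}"                    # 1 = print the commands instead of running ipfw

# fw: wrapper around ipfw so the whole ruleset can be previewed with DRYRUN=1.
fw() {
    if [ "$DRYRUN" = 1 ]; then
        echo "ipfw $*"
    else
        /sbin/ipfw "$@"
    fi
}

build_ruleset() {
    # CAUTION: on a kernel without IPFIREWALL_DEFAULT_TO_ACCEPT, "flush" drops
    # everything until the rules below are loaded. Run this from the console,
    # not over ssh, the first time.
    fw -q flush
    # Loopback traffic is fine; loopback addresses on the wire are not.
    fw add 100 allow ip from any to any via lo0
    fw add 110 deny ip from any to 127.0.0.0/8
    fw add 120 deny ip from 127.0.0.0/8 to any
    # Anti-spoofing: our own and other private addresses never arrive from outside.
    fw add 200 deny ip from "$INNET" to any in via "$OIF"
    fw add 210 deny ip from 10.0.0.0/8 to any in via "$OIF"
    fw add 220 deny ip from 172.16.0.0/12 to any in via "$OIF"
    fw add 230 deny ip from 192.168.0.0/16 to any in via "$OIF"
    # Keep the insecure test box entirely off the Internet.
    fw add 300 deny ip from "$BLOCKED_HOST" to any out via "$OIF"
    # Stateful core: whatever the LAN initiates is allowed, and the dynamic
    # rules created by keep-state let only the matching replies back in.
    fw add 400 check-state
    fw add 410 allow tcp from "$INNET" to any out via "$OIF" setup keep-state
    fw add 420 allow udp from "$INNET" to any out via "$OIF" keep-state
    fw add 430 allow icmp from "$INNET" to any out via "$OIF" keep-state
    # The LAN may talk to the gateway itself and to each other without restriction.
    fw add 500 allow ip from "$INNET" to any via "$IIF"
    # From the Internet: only ssh to the gateway, and no new TCP connections to anything else.
    fw add 600 allow tcp from any to me 22 in via "$OIF" setup keep-state
    fw add 610 deny tcp from any to any in via "$OIF" setup
    # Everything else is dropped and logged (last rule before the kernel default).
    fw add 65000 deny log ip from any to any
}

# ruleset_text: the rules as text, for review (never touches the kernel).
ruleset_text() {
    DRYRUN=1
    build_ruleset
}

# Usage: sh fw.sh --print   (review)      sh fw.sh   (load, as root)
if [ "${1:-}" = "--print" ]; then
    ruleset_text
else
    [ "$DRYRUN" = 1 ] && ruleset_text
fi
```

Order matters in ipfw: rule 300 sits before the stateful allow at 410, so the blocked host's outbound packets are dropped before a dynamic rule could ever be created for them, and the anti-spoofing rules at 200-230 sit before check-state so a forged packet can never match an existing dynamic entry. Rule 500 lets an internal packet in on the inside interface; the same packet is then judged again on the way out of the outside interface, which is where 300 and 410-430 do their work.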
Here's one for you: I'm currently using this easy-to-set-up Linux-based firewall.
It really is easy to set up, and depending on your bandwidth/user load requirement you install it on hardware suitable for the job.
My work network has 30 users on a leased line; I run Smoothwall on a P100 with 32 MB RAM and it flies.
At home, for my 3 machines, it runs just great on a 386SX/25 with 16 MB RAM.
You have to see it to believe just how much you get for your money.
I too am using Smoothwall on our network, and will have a Velociraptor 500 model hooked up pretty soon.
I'm planning on using the Smoothie to run a proxy.
I like Smoothwall, but I think it lacks a couple of features in their front end interface. I would love to see some kind of access control list (add user, allow, deny, etc), but alas I am not a programmer.
It's still a good firewall though.
J.R. Juiliano
Information Systems Specialist
Tri-City Emergency Medical Group
There are several "firewalls" for Linux that run very sweetly on low-end Pentiums. ipchains / ipfwadm is very robust if configured properly (as they all are).
I can't find the URL, but there is a great site that has a sort of wizard to build your script for you: just key in the details and hit GO.
Personally, I like Cisco, and a PIX in a rack looks a lot nicer than a Pentium.
Before you pick a firewall you need to answer the following questions:
Is the speed of throughput on my internet connection mission critical?
What am I actually protecting?
(Is it a service network, or a straight hop onto your live net?)
Different firewalls are good at different things. I personally love Raptor, but then, I'm a user and my experience has not been in an environment where high throughput has been critical. Raptor tends to suck in this scenario. Checkpoint, on the other hand, works in a different manner and can rip along at light speed.
I would suggest you list your actual requirements, including those mentioned above (include current spare capacity on your bandwidth, future growth predictions, direction of connections, type of apps used, etc.).
Then check the available literature (always compare vendor blurb with consumer opinion) for each of these points and award it a score. Your most mission-critical feature should attract a higher weighted score.
With these totals expressed as a percentage, you can get a fair idea of what is in and out of the running.