[TriLUG] Slightly-OT: Firewalls

Ron Kelley rkelleyrtp at gmail.com
Mon Apr 18 15:35:37 EDT 2011


Grab an old PC and run pfSense (free!) - you will be more than satisfied.  I put together a ~$200 Atom D510 box (1G RAM, small HDD) with pfSense for my home router/firewall and it *just works*.  Everything is driven from a simple Web GUI, and you get the normal bag of firewall stuff (NAT, VPN, inside/outside rules, etc). --> http://www.pfsense.org

I have deployed numerous pfSense firewalls for data center use under 12/7 operation using pfSense with no failures.  Sure beats the heck out of spending $2,500 for a Cisco ASA 5510 box (and, I *was* a Cisco guy)...


Thanks,

-Ron




On Apr 18, 2011, at 3:29 PM, matt at noway2.thruhere.net wrote:

> I say slightly OT because it isn't necessarily, but could be, Linux based
> and will be used in a Linux based network ....  I have been looking into
> (small business grade) hardware firewalls for a while now and have been
> seriously thinking of getting one.  Before I make any firm decisions, I
> wanted to ask what experience the group has and for any recommendations
> for or against.
> 
> The basic specs and wish list are:
> 1 - support for multiple public IP addresses (this puts it outside the
> standard home grade)
> 1A - multiple servers have public IP addresses that would need to be
> accounted for in either NAT or PAT* (see below).
> 2 - VPN for remote access
> 3 - throughput isn't terribly high (TWC business class)
> 4 - intrusion detection would be a plus, but isn't necessary at this level.
> 5 - Cost is a consideration (seem to range $250 - $500 in this end range).
> 6 - wireless is optional.  I would use wireless on one of the VLANs (my
> private one), but can just as easily put a simple wireless router in too.
> 
> *Note on NAT * - I was watching a youtube video on the ASA 5505 and it
> looks like you define two VLANs (one public, one private) and define ACL
> rules between them, using the net masks to translate blocks of IPs and
> then define the block gateways.  Before this, I wasn't even sure how this
> would work.
> 
> I have been leaning towards a Cisco ASA 5505 series, but I seem to see a
> lot of mention for Sonicwall.  I have also seen reviews that say stay away
> from Sonicwall and go with Cisco.  From what I can tell the FortiGate
> products seem to be well received, but a little more expensive.
> 
> I have considered getting a WRT54 series and putting dd-wrt on it, but I
> would prefer something a little more "heavy duty" for this application.
> 
> Does anybody have a recommendation that they would be willing to share?



