
Hi Pacnog,
I am seeking anyone's expertise in the selection of firewalls. Presently I am reviewing three (two) firewalls. I would like to know what everyone else in the Pacific and beyond is using.
The firewalls I am looking at are:
- Fortinet 300A
- Sonicwall 4060
- Sonicwall Pro 4100
Already looked at Cisco Pix, Watchguard X1000 Pro and Checkpoint NGX.
Looking forward to your comments.
Alex Abraham
Network Operations Manager
SamoaTel Limited
Maluafou HQ
Private Bag
Apia
Samoa
Tel: +685 67853
Fax: +685 24000
Email: alex.abraham@samoatel.ws
website: www.samoatel.ws

Alex,
I've been using Checkpoint (current version is 4.1 SP3) for over 5 years now without any issues. In fact it runs on a dedicated server with a 2 Gb SCSI HDD, 200 Mhz Pentium and 96 Mb of RAM and NT 4.0 SP6a. It is also running on an IBM Netfinity server next door - which I also maintain - on a 256 Kbps link.
The only downside is it's expensive.
Contact me off the list if you wish.
Rgds.,
Jon
Alex Abraham wrote:
Hi Pacnog,
I am seeking anyone's expertise in the selection of firewalls. Presently I am reviewing three (two) firewalls. I would like to know what everyone else in the Pacific and beyond is using.
The firewalls I am looking at are:
- Fortinet 300A
- Sonicwall 4060
- Sonicwall Pro 4100
Already looked at Cisco Pix, Watchguard X1000 Pro and Checkpoint NGX.
Looking forward to your comments.
Alex Abraham
Network Operations Manager
SamoaTel Limited
Maluafou HQ
Private Bag
Apia
Samoa
Tel: +685 67853
Fax: +685 24000
Email: alex.abraham@samoatel.ws
website: www.samoatel.ws
pacnog mailing list pacnog@pacnog.org http://mailman.apnic.net/mailman/listinfo/pacnog

We've been using SonicWall since 1999 and, based on our experience, it is a very reliable appliance. This is what I got currently.
Brenda
Sonic Wall PRO
Firewall Serial Number: 4010
Model: PRO (CPU: StrongARM / 233 Mhz)
Firmware version: 6.5.0.4
ROM version: 5.0.1.0
RAM: 8 M
Flash: 4 M
Ethernet Speeds: WAN 10 Mbps Half Duplex, DMZ, LAN 100 Mbps Full Duplex
Number of IP addresses allowed with this license: Unlimited
Current connections: 331
At 07:46 AM 3/9/2006, Alex Abraham wrote:
Hi Pacnog,
I am seeking anyone's expertise in the selection of firewalls. Presently I am reviewing three (two) firewalls. I would like to know what everyone else in the Pacific and beyond is using.
The firewalls I am looking at are:
- Fortinet 300A
- Sonicwall 4060
- Sonicwall Pro 4100
Already looked at Cisco Pix, Watchguard X1000 Pro and Checkpoint NGX.
Looking forward to your comments.
Alex Abraham
Network Operations Manager
SamoaTel Limited
Maluafou HQ
Private Bag
Apia
Samoa
Tel: +685 67853
Fax: +685 24000
Email: alex.abraham@samoatel.ws
website: www.samoatel.ws

On 8-Mar-2006, at 17:46, Alex Abraham wrote:
I am seeking anyone's expertise in the selection of firewalls. Presently I am reviewing three (two) firewalls. I would like to know what everyone else in the Pacific and beyond is using.
Personally, I like pf.
It's free software, and has a very rich feature set that exceeds what most commercial firewall appliances can offer (stateful failover between redundant firewalls, passive operating system fingerprinting, bandwidth control, traffic redirection, packet normalisation, etc). There are also good web-based admin tools available for it.
Like most free software, what you save on software costs you will likely spend in operational expense keeping the server upgraded, etc. However, if you already have systems people on staff, perhaps this expense isn't that great.
Another advantage to running something like pf on a dedicated, but general-purpose server rather than an appliance is that you retain the ability to install other related software (e.g. ntop, snort) on the same machines.
http://www.openbsd.org/faq/pf/
Most at home on OpenBSD, but is also included in recent distributions of FreeBSD, NetBSD, DragonflyBSD (and maybe others).
This seems to be a web interface for pf/OpenBSD (although I haven't tried it, and hence don't vouch for it):
Joe

Hi All,
This is now getting quite interesting, seeing what people are using. Maybe I should have explained a couple of features/things that I would like to do:
1. Multiple Physical Interfaces + ability to sub interface them or use VLAN
2. VPN - IPSec, etc
3. Intrusion Detection and Prevention
4. Virus Wall
With the firewalls discussed, do they do the above? Joe's FreeBSD option is very interesting. The only thing is how easy it is to configure the above (if the software is available).
Thanks for the comments so far...
Alex

Alex Abraham wrote:
Hi All,
This is now getting quite interesting, seeing what people are using. Maybe I should have explained a couple of features/things that I would like to do:
- Multiple Physical Interfaces + ability to sub interface them or use VLAN
FreeBSD does this; you may want to use a recent version, however. It supports .1q VLAN tagging.
- VPN - IPSec, etc
FreeBSD does support IPsec; you will probably require some configuration on the BSD side. In this, Google becomes your friend.
- Intrusion Detection and Prevention
IDS can be done with snort and interfaces with weblogs or the like (there were a couple of packages that looked quite nice a few years back but I can't recall their names) but IDP may be more of a difficult one to implement.
- Virus Wall
This would largely depend on the above and what you are wanting with respect to AV scanning, if it is a simple "proxy and scan" system then take a look at the following which seems to indicate that it depends on the way you set things up (proxy package, e-mail package etc)
http://www.bsdforums.org/forums/archive/index.php/t-32613.html
With the firewalls discussed, do they do the above? Joe's FreeBSD option is very interesting. The only thing is how easy it is to configure the above (if the software is available).
ipf is not that hard to set up but natively does not have any pretty GUIs, which a lot of commercial firewalls will give you. However, there are some quite good add-ons (also free) that can give you some excellent GUI interfaces to ipf. A quick search brings up fwbuilder, which supports Linux, Free and OpenBSD and MacOS X.
The trick will be putting it all together and making it work, this probably only requires time and patience :-)

On 9-Mar-2006, at 01:47, Steve Phillips wrote:
ipf is not that hard to setup but
Note that "ipf" is a different firewall system, for which (in OpenBSD) pf is a replacement. I think it's generally accepted that pf is more feature-rich than ipf today, but ipf is certainly another option if you want to do a full comparison.
(You might also investigate iptables on Linux, and ipfw on FreeBSD).
Joe

On 8-Mar-2006, at 20:31, Alex Abraham wrote:
This is now getting quite interesting, seeing what people are using. Maybe I should have explained a couple of features/things that I would like to do:
1. Multiple Physical Interfaces + ability to sub interface them or use VLAN
2. VPN - IPSec, etc
3. Intrusion Detection and Prevention
4. Virus Wall
With the firewalls discussed, do they do the above? Joe's FreeBSD option is very interesting. The only thing is how easy it is to configure the above (if the software is available).
OpenBSD (with a couple of add-on packages, like snort and clamav) can do what you want. IPSec support is strong and has been built-in for a long time.
The following might be a useful read:
http://www.amazon.com/gp/product/8391665119/sr=8-1/qid=1141917995/ref=sr_1_1/002-3266974-1782460?%5Fencoding=UTF8
(If that URL doesn't survive this message's trip through the list server, search for "Building Firewalls with OpenBSD and PF, Second Edition").
OpenBSD has developed a reputation for use as a firewall platform, and there are several vendors who are shipping pre-built appliances based on it. If you google for "OpenBSD firewall appliance" you will probably find some links, in case it seems useful to buy a pre-built system rather than rolling your own.
Joe

Hi Alex,
I have used Cisco Pix, Netscreen and Checkpoint (Firewall 1) before and I think Netscreen is great! (expensive though). In my case the main considerations are in the areas of capability (features), stability and manageability, not so much the price. Also, to avoid spending too much time comparing each firewall's features, it's good to consider which systems and services you are thinking of protecting and how you want to do it. Then you can easily decide whether to go ahead with a software application or a hardware-based firewall.
Regards, Mants
Alex Abraham wrote:
Hi Pacnog,
I am seeking anyone's expertise in the selection of firewalls. Presently I am reviewing three (two) firewalls. I would like to know what everyone else in the Pacific and beyond is using.
The firewalls I am looking at are:
* Fortinet 300A
* Sonicwall 4060
* Sonicwall Pro 4100
Already looked at Cisco Pix, Watchguard X1000 Pro and Checkpoint NGX.
Looking forward to your comments.
**Alex Abraham**
Network Operations Manager
SamoaTel Limited
Maluafou HQ
Private Bag
Apia
Samoa
Tel: +685 67853
Fax: +685 24000
Email: alex.abraham@samoatel.ws
website: www.samoatel.ws

----- Original Message -----
From: Alex Abraham
Sent: Thursday, March 09, 2006 8:46 AM
Subject: [pacnog] Help:Firewalls Selection
Hi Pacnog,
I am seeking anyone's expertise in the selection of firewalls. Presently I am reviewing three (two) firewalls. I would like to know what everyone else in the Pacific and beyond is using.
The firewalls I am looking at are:
- Fortinet 300A
- Sonicwall 4060
- Sonicwall Pro 4100
Already looked at Cisco Pix, Watchguard X1000 Pro and Checkpoint NGX.
Looking forward to your comments.
Alex Abraham
Network Operations Manager
SamoaTel Limited
Maluafou HQ
Private Bag
Apia
Samoa
Tel: +685 67853
Fax: +685 24000
Email: alex.abraham@samoatel.ws
website: www.samoatel.ws