Hey,
The company I work for is in the market for a new firewall. Right now
we're hosting all of our own stuff (on CentOS servers) behind an old
checkpoint firewall.
I think Checkpoint is overkill for our needs and very expensive, plus I
don't like the "per-user" charges of some commercial solutions. What do
you guys suggest that we upgrade to? Here are some of the features that
I would like:
1) decent gui, either web based or a local client
2) usage graphs based on protocol. So if our tiny T1 is saturated, I
want to be able to find out what's eating up the bandwidth
3) VPN-friendly for a couple of road-warriors. There won't be any
remote offices so no server-to-server setups, just remote clients.
4) we have a DMZ and about 30 machines on the local network. Everyone
has a "normal" IP address, meaning that no one is behind NAT. So it
needs to handle this (which is pretty basic stuff)
5) high-availablity. So if I buy two machines, one can successfully die
and the other take over.
6) no per-user charges. If the company hires a dozen people next year,
we shouldn't have to "upgrade" our license.
Right now we're looking at some open-source stuff like pfsense,
m0n0wall, etc... But I'm totally open to an affordable commercial
firewall appliance.
Thanks for you help.
--Ajay
