Wow. Thanks for all the suggestions guys. I went to bed with a list of requirements and now I have a ton more options to research.

One thing, has anyone used Astaro? I was looking at their "security gateway 220" product last night and it looked like it fit my needs:

http://www.astaro.com/firewall_network_security/asg220

It doesn't have the failover, but everything else was there.

There were other emails in regard to "size of the company" and other stuff which I'll answer:

- there's about 30 people here now, and we plan to add about 10 more next year.

- our firewall has a default deny in and out. So we have to open up ports for access and internally we have our own DNS and email so those ports are closed.

- we don't proxy any services.

- I'm already a super busy admin/programmer so I kinda don't want to babysit this thing (which is bad considering it's a fundamental component of the network).

In any case, I'd rather buy a product and keep it updated than have to build a home-grown type of solution.

Again, thanks for all your help.

--Ajay

Ajay Sharma wrote:
> Hey,
>
> The company I work for is in the market for a new firewall. Right now
> we're hosting all of our own stuff (on CentOS servers) behind an old
> Checkpoint firewall.
>
> I think Checkpoint is overkill for our needs and very expensive, plus I
> don't like the "per-user" charges of some commercial solutions. What do
> you guys suggest that we upgrade to? Here are some of the features that
> I would like:
>
> 1) decent gui, either web based or a local client
>
> 2) usage graphs based on protocol. So if our tiny T1 is saturated, I
> want to be able to find out what's eating up the bandwidth
>
> 3) VPN-friendly for a couple of road-warriors. There won't be any
> remote offices so no server-to-server setups, just remote clients.
>
> 4) we have a DMZ and about 30 machines on the local network. Everyone
> has a "normal" IP address, meaning that no one is behind NAT. So it
> needs to handle this (which is pretty basic stuff)
>
> 5) high-availability. So if I buy two machines, one can successfully die
> and the other take over.
>
> 6) no per-user charges. If the company hires a dozen people next year,
> we shouldn't have to "upgrade" our license.
>
> Right now we're looking at some open-source stuff like pfsense,
> m0n0wall, etc... But I'm totally open to an affordable commercial
> firewall appliance.
>
> Thanks for your help.
>
> --Ajay