Astaro has failover capabilites. I have used it and found it to be very resource hungry. Astaro is also licnesed by users so when you add users you'll have to add licenses which is something you did not want to do. Astaro is very good at what it does bu the latest versions 5 and 6 IMO need more polish before they are truly ready. Ajay Sharma wrote: > > Wow. Thanks for all the suggestions guys. I went to bed with a list of > requirements and now I have a ton of more options to research. > > One thing, has anyone used Astaro? I was looking at their "security > gateway 220" product last night and it looked like it fit my needs: > > http://www.astaro.com/firewall_network_security/asg220 > > It doesn't have the failover, but everything else was there. > > There were other emails in regard to "size of the company" and other > stuff which I'll answer: > > - there's about 30 people here now, and we plan to add about 10 more > next year. > > - our firewall has a default deny in and out. So we have to open up > ports for access and internally we have our own DNS and email so those > ports are closed. > > - we don't proxy any services. > > - I'm already a super busy admin/programmer so I kinda don't want to > babysit this thing (which is bad considering it's a fundamental > component of the network). In any case, I'd rather buy a product and > keep it updated then have to build a home-grown type of solution. > > Again, thanks for all your help. > > --Ajay > > Ajay Sharma wrote: > >> Hey, >> >> The company I work for is in the market for a new firewall. Right now >> we're hosting all of our own stuff (on CentOS servers) behind an old >> checkpoint firewall. >> >> I think Checkpoint is overkill for our needs and very expensive, plus >> I don't like the "per-user" charges of some commercial solutions. >> What do you guys suggest that we upgrade to? Here are some of the >> features that I would like: >> >> 1) decent gui, either web based or a local client >> >> 2) usage graphs based on protocol. So if our tiny T1 is saturated, I >> want to be able to find out what's eating up the bandwidth >> >> 3) VPN-friendly for a couple of road-warriors. There won't be any >> remote offices so no server-to-server setups, just remote clients. >> >> 4) we have a DMZ and about 30 machines on the local network. Everyone >> has a "normal" IP address, meaning that no one is behind NAT. So it >> needs to handle this (which is pretty basic stuff) >> >> 5) high-availablity. So if I buy two machines, one can successfully >> die and the other take over. >> >> 6) no per-user charges. If the company hires a dozen people next >> year, we shouldn't have to "upgrade" our license. >> >> Right now we're looking at some open-source stuff like pfsense, >> m0n0wall, etc... But I'm totally open to an affordable commercial >> firewall appliance. >> >> Thanks for you help. >> >> --Ajay >> _______________________________________________ >> CentOS mailing list >> CentOS@xxxxxxxxxx >> http://lists.centos.org/mailman/listinfo/centos >> > > _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxx > http://lists.centos.org/mailman/listinfo/centos > -- My "Foundation" verse: Isa 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD. -- carpe ductum -- "Grab the tape" CDTT (Certified Duct Tape Technician) Linux user #322099 Machines: 206822 256638 276825 http://counter.li.org/