Educause Security Discussion mailing list archives

Re: *Nix-Based NG Firewalls - Looking for info...


From: Bob Williamson <bob_williamson () AW ORG>
Date: Thu, 3 Jul 2014 17:21:11 +0000

Dan,

Have you looked at VM appliances from Palo Alto, Fortinet, WatchGuard, etc.? Maybe that is worth looking at?

Bob Williamson
Network Administrator
Annie Wright Schools | 827 N Tacoma Ave, Tacoma, WA 98403 | www.aw.org
D: 253.272.2216 | F: 253.572.3616 | Bob_Williamson () aw org


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Scherck, Daniel
Sent: Thursday, July 3, 2014 9:15 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] *Nix-Based NG Firewalls - Looking for info...

Hi Folks -

We're looking to replace our current firewall setups with something a little more powerful. Currently we run an 
iptables-based setup. This has performed well for us overall, being fast and simple. However, with the emerging threats 
coming from both inside and outside, I'm looking at getting something a little more powerful in the lineup. We had 
already budgeted and purchased replacement servers to simply take the same setup as the current ones on new hardware, 
but due to some difficulties with implementation and compiling, I'm at the point of looking outside the current setup. 
So the question is, does anyone out there have good/bad experience with *Nix firewall distros? I'd like to find 
something that can easily handle around 3000 concurrent users, with a 1 gig WAN pipe, and have integrated IDS/IPS, 
antivirus, and Layer 7 capability.

Just for eval purposes, I have set up ESXi on the new servers, and installed five firewall distros for testing: 
Endian, IPCop, pfSense, Smoothwall Express, and Untangle (Free).

Any other recommendations? Any considerations I might have missed?

(I have looked for other discussions in the mail list, but didn't see anything that wasn't centered around the 
appliance firewalls like Palo Alto, FortiGate and TippingPoint. Since the hardware was already purchased, those are 
pretty much off the table until next refresh.)

Dan Scherck
Sr. Network Engineer
The Evergreen State College
2700 Evergreen Parkway NW , Olympia, WA 98505
+1-360-867-5383

