Re: Suggestions for Open Source Internet Security Gateway Distro/Product

[Arch Angel <arch3angel () gmail com>]

Jason,

Don't forget to come back to this thread and fill us in on how each ran for
you, thoughts, opinions, and what you decided to run with in the end.

Robert Miller
(arch3angel)


On Wed, Apr 24, 2013 at 11:09 AM, Jason Drury <druryjason () yahoo com> wrote:

> Thank you everyone for your responses (I love this list!). I am going to
> check out pfsense (can't believe I forgot about it), Astaro, and Untangle
> then decide which one out of the three I like best.
>
>   ------------------------------
>  *From:* Arch Angel <arch3angel () gmail com>
> *To:* PaulDotCom Security Weekly Mailing List <
> pauldotcom () mail pauldotcom com>
> *Sent:* Tuesday, April 23, 2013 1:14 PM
> *Subject:* Re: [Pauldotcom] Suggestions for Open Source Internet Security
> Gateway Distro/Product
>
> For what it's worth I have been running on Astaro on an old desktop
> computer for something like 5-8 years now, with gig network cards for my
> different segments.  I run seperate wireless networks; one for my mobile
> devices such as phones and laptops as well as one for my son's Xbox
> consoles.  It has served me very well for years and cost me virtually
> nothing.  I have had some recent snags with false positives but once I
> tracked them down and tuned themout it was back humming along.  I have used
> it for VPN, web filtering, network segmentation, all purpose firewall, etc
> and haven't had a bit of trouble.
>
> Vyatta will do your firewall for you but this is not it's primary focus.
> Vyatta is a router/switching platform which was upposed to provide an open
> source solution to enterprises, but I found it works great for educational
> purposes in learning routing and switching.  It is a rock solid platform
> but keep in mind it is just that, a router/switch platform so many of the
> things pfSense and Astaro do for you behind the scenes you have to do
> manually.  That being said if you have the time to get everything
> configured, tested, and running you can learn a great deal from building a
> Vyatta box.
>
> pfSense, most likely the platform I would switch to if I left Astaro.
> Last time I checked pfSense did not provide as many uses as the Astaro
> platform but does offer a rock solid, proven firewall.  Just becareful with
> the BSD core as Robin mentioned.  Wireless N is not there yet.
>
> I have been told Untangle has one of the best web filters of all of them,
> however I take that with a grain of salt since I haven't proven it myself.
> It did look promising but since my Astaro box is still kicking CPU cycles I
> haven't wanted to go redoing all my networks and firewall rules to try
> something else, but so far it ha had positive "word of mouth" reviews.
>
> If it was me and I had to do over again I would most likely still stick
> with Astaro, then pfSense, then Untangle, then Vyatta with all running
> wireless on a seperate segmented network.  If you want more than basic
> routering/switching/firewall abilities dumb Vyatta and pfSense; look at
> Astaro and Untangle.
>
> Hope it helps,
>
> Robert Miller
> (arch3angel)
>
>
> On Tue, Apr 23, 2013 at 11:30 AM, James Shewmaker <james () bluenotch com>wrote:
>
> Just deployed a few fit-pc3 with pfsense. More pricey than Alix, but you
> get 5 gigabit ports (on the model I use), dual core Athlon fusion, 8 GB RAM
> ... can do a lot with that.
>
> Regards,
>
> James Shewmaker
>
>
> On Mon, Apr 22, 2013 at 7:18 PM, Tim Krabec <tkrabec () gmail com> wrote:
>
> Alix looks cool
> On Apr 22, 2013 10:08 PM, "Robin Wood" <robin () digininja org> wrote:
>
> pfSense running on an Alix board. If you put a wifi card in one you can
> run it as your AP as well but watch out that because it is based on BSD at
> the moment it is limited to 802.11abg and not n.
>
> Robin
>
> On 22 April 2013 21:08, Jon Molesa <rjmolesa () consoltec net> wrote:
>
> +1
> Jon Molesa
> On Apr 22, 2013 3:00 PM, "Matt Nels" <mattnels () gmail com> wrote:
>
> Not Debian/Ubuntu, but you should add pfSense to your list.
>
> On Mon, Apr 22, 2013 at 1:02 PM, Jason Drury <druryjason () yahoo com> wrote:
>
> Folks,
>
> I would like to setup an Internet security box for my home network for
> firewalling, dhcp, IDS, web filtering, and possibly VPN. It has been a long
> time since I've looked at the various Linux security distros that do this
> (I think Astaro Security was the best choice back then).
>
> I did a few searches and it seems like there are a LOT of distros/products
> available now.
>
>  Here are just a few I came across:
>
> 1. Untangle - http://www.untangle.com/
> 2. Vyatta - http://www.vyatta.org/
> 3. Zentyal - http://www.zentyal.org/
> 4. Sophos UTM (formley Astaro) -
> http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx
> 5. Engarde Linux - http://www.engardelinux.org/
> 6. Smoothwall - http://www.smoothwall.org/
> 7. ClearOS - http://www.clearfoundation.com/Software/overview.html
>
> I do not care if it is gui or cli based. I would prefer something based on
> Debian/Ubuntu, but not absolutely necessary.
>
> Does anyone have any experience with the above distros/products or could
> you recommend something else you like?
>
> Thanks,
> Jason
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com