Re: Was, RE: Firewall recommendations

[Dan Oachs <doachs () GAC EDU>]

For our relatively small campus and our 100Mbit internet and 1gig
internet2 connection we are using a linux system running CentOS5 and
modify all the iptables entries by hand.  It is not all that interesting
but we have been using a setup like that for about 4 years now and has
worked very well for us.  Very flexible and has allowed us to do pretty
much everything we have ever wanted to do for the price of a small server.

   Thanks,
      Dan Oachs
      Gustavus Adolphus College


Halliday,Paul wrote:
> Has anyone here tried implementing a border firewall solution that is ! commercial? Internally I rely heavily on OpenBSD's 
> (running on FreeBSD) Packet filter for numerous IDS/network monitoring sensors. At the same time I maintain our EOL PIX 
> 515's.
>
> I have always had a hard time understanding how the latter actually has market value. Is anyone doing neat stuff with 
> free stuff?
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv on behalf of Jeff Holden
> Sent: Fri 2/29/2008 5:41 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Firewall recommendations
>
>
> We are looking at upgrading our campus's firewall.  We are currently using a pair of end of life PIX 515s.  We have been 
> looking at the Cisco ASA and Juniper Netscreen products.  We are very early in our evaluation and haven't talked with any 
> venders yet.  We are wondering if any other campus has been through this process recently and can offer any suggestions.  We are 
> looking at the bandwidth they can handle, price, added features such as VPN, IDS/IPS functionality, likes and dislikes and any 
> other helpful advise.    Currently we are a mixed Cisco and HP shop, but are open to any and all vendors solutions.
>
> Thanks,
> Jeff Holden, CISSP, RHCE
> Manager, Network & Data Security
> Mt. San Antonio College
> (909) 594-5611 X5017

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature