LinuxQuestions.org


jose_tk 06-02-2008 07:35 AM

firewall suggestions
 
Hi there,

My company is going to launch a Data Center which consists of 30+ Linux Servers (RH and CentOS). There are two connections getting from the ISP in which one will go to the Data Center and the other goes to the Corporate Network. We need to add redundancy to the Data Center connectivity by adding two firewalls (if one fails, the other has to take over).

My question is which should be the ideal Firewall to go for?
Which is better if acting independently and which is better one for a firewall HA? We are open to iptables based or FreeBSD based Firewalls.

Kindly share your suggestions and thoughts.

Thank you for your time
Jose

Tux-Slack 06-02-2008 08:20 AM

I've never used any of these "auto configurational" firewalls, but in your case I would choose m0n0wall.

Nathanael 06-02-2008 09:01 AM

For a company you could use some commercial product, such as astaro (http://www.astaro.de http://www.astaromarket.de) or gibraltar (http://www.gibraltar.at)

I personally, though, always prefer raw iptables.

lsteacke 06-02-2008 10:34 AM

You might also want to consider shorewall. It's a config-based firewall, but translates the configs into iptables.

http://www.shorewall.net

salasi 06-02-2008 01:27 PM

Quote:

Originally Posted by jose_tk (Post 3171979)
My company is going to launch a Data Center which consists of 30+ Linux Servers (RH and CentOS).

In which case, being as this is quite a professional operation, presumably you will have asked your security specialist and your networking specialist (maybe this is one person) their preferences.

If you don't have that kind of expertise, in house, maybe you should be considering a solution like Cisco, Bay Networks, Juniper, etc, etc because without the relevant expertise you'll want something that is easy to administer.

Failing that, you might consider one of the stand-alone firewall distros, like Astaro, IPCop, whatever ClarkConnect is called these days. Even here, you would be advised to have someone who knows what they are doing, so someone should go on an appropriate course.

Failing that, there is the 'roll your own' approach. Most of the GUI firewalls are just front ends to Iptables, etc, so don't add any new capabilities, but arguably make configuration easier for newbies. However, the person doing this should in no way be a newbie. We all make mistakes or do things sub-optimally the first time through and do you want to risk your entire data centre operation on the chance of how your newbie's errors affect your customers?

So, if you get to this stage, you really, really need someone who knows what they are doing, whether that means hiring an expert for a while or training your own. Given that for this you need an expert, I'm not clear why you are asking a bunch of miscellaneous strangers, some of whom may lie or indulge in black-hatted behaviour for amusement.

requiem 06-02-2008 11:13 PM

Smoothwall
 
I'd check this out: SmoothWall. I've heard good things about this in the past. Check out the feature comparison chart on the page.

hemi_426 06-02-2008 11:54 PM

I'm with salasi


All times are GMT -5.