Hi there,

My company is going to launch a Data Center which consists of 30+ Linux Servers (RH and CentOS). There are two connections getting from the ISP in which one will go the the Data Center and the other goes to the Corporate Network. We need to add redundancy to the Data Center connectivity by adding two firewall (if one fails other has to take on).

My question is which should be the ideal Firewall to go for?
Which is better if acting independently and which is better one for a firewall HA? We are open to iptables based or FreeBSD based Firewalls.

Kindly share your suggestions and thoughts.

Thankyou for your time
Jose

I've never used any of these "auto configurational" firewalls, but in your case I would chose m0n0wall.

for a company you could use some commercial product, such as astaro (http://www.astaro.de http://www.astaromarket.de) or gibraltar (http://www.gibraltar.at)

i personally though always prefere raw iptables.

You might also want to consider shorewall. Its a config based firewall, but translates the configs into iptables.

http://www.shorewall.net

In which case, being as this is quite a professional operation, presumably you will have asked your security specialist and your networking specialist (maybe this is one person) their preferences.

If you don't have that kind of expertise, in house, maybe you should be considering a solution like Cisco, Bay Networks, Juniper, etc, etc because without the relevant expertise you'll want something that is easy to administer.

Failing that, you might consider one of the stand-alone firewall distros, like Astaro, IPCop, whatever ClarkConnect is called these days. Even here, you would be advised to have someone who knows what they are doing, so someone should go on an appropriate course.

Failing that, there is the 'roll your own' approach Most of the GUI firewalls are just front ends to Iptables, etc, so don't add any new capabilities, but arguably make configuration easier for newbies. However, the person doing this should in no way be a newbie. We all make mistakes or do things sub-optimally the first time through and do you want to risk your entire data centre operation on the chance of how your newbie's errors affect your customers?

So, if you get to this stage, you really, really need someone who knows what they are doing, whether that means hiring an expert for a while or training your own. Given that for this you need an expert, I'm not clear why you are asking a bunch of miscellaneous strangers, some of whom may lie or indulge in black-hatted behaviour for amusement.

I'd check this out: SmoothWall I've heard good things about this in the past. Check out the feature comparison chart on the page.

im with Slasi